By the end of this blog, you will understand the similarities and differences between AWS Config and Cloud Custodian, allowing you to decide which tool to use or how to use both of them together. What is? AWS Config: It is a service that enables you to assess, audit, and evaluate the…

Prerequisites AWS & Cloudflare Account Registered Domain with CloudFlare’s nameservers. Learn how to host a static website in AWS S3, serve it using CloudFlare, and utilise WAF to filter out unusual traffic in this blog post. Serving the website from CloudFlare has a number of benefits, including caching static content in…

Greetings! You can utilise the AWS CDK’s official getting started guide. Let’s begin with a brief overview of the procedure: With the help of the managed client-based VPN service known as AWS Client VPN, you can safely access AWS resources. What is Client Authentication? At the initial point of access to the AWS Cloud, client authentication is put into…

You will learn how to deploy VPC, CDN, ALB, and ECS Fargate in this blog. Pre-requisite: AWS IAM user with administrative privileges Registered Domain(like example.com) from Route53 Public ACM Certificate for you domain Requesting a public certificate The following sections discuss how to use the ACM console or AWS CLI to request a public ACM certificate. If you…docs.aws.amazon.com 4. AWS Command-Line Interface Setup

Greetings to everybody! After reading this blog, you will be able to create a Cloudfront WAF using Typescript and AWS CDK, including the ability to analyse AWS WAF logs using Amazon OpenSearch Service. The code to deploy AWS Web Application Firewall, OpenSearch Service & Kinesis Data Firehose Delivery Stream is…

In Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1, and v3, a File Content Disclosure vulnerability exists where properly designed accept headers can reveal the contents of arbitrary files on the target system’s filesystem. Proof-of-Concept: Using burpsuite you can match and replace any header(This setting is used to automatically replace parts of…

NCIIPC stands for National Critical Information Infrastructure Protection Center. Responsible Vulnerability Disclosure Program is a great initiative by the NCIIPC to acknowledge security researchers for reporting critical bugs on government websites (*.gov.in). Link: https://nciipc.gov.in/RVDP.html Steps to Report: Find a bug (recommended). 😄 Fill the form https://nciipc.gov.in/documents/Vulnerability_Disclosure_Form.pdf.

Hey! In this blog, we are going to learn how to set up a simple and local HTTP server using Python. An HTTP server can be very useful for sharing files across multiple devices connected over the same network & for testing Web apps locally during development. To start with, …

Account Takeover using Update Password functionality + Weak Password Policy Hey! In this blog, I will show you how Update Password Functionality can turn into Account Takeover. Yes, as easy as it sounds. I have reported this issue on a website which was not having a bug bounty platform (not recommended unless you have permission to test). Proof of Concept:- …