0x55aa | Ilya Kobzar

EC2 IAM role STS credentials compromise via IMDS

Exploring how temporary credentials obtained through AWS Instance Metadata Service can be extracted and used both inside and outside EC2 instances, and analyzing their visibility in CloudTrail logs.

READ THE LATEST

Recent posts

View all

Revisiting ShellBags in Windows 11

Does Windows 11 treat ShellBags differently?

Feb 15, 2025 • Ilya Kobzar

LevelDB WAL log - extracting ChatGPT conversations

Write-ahead log analysis

Jan 31, 2025 • Ilya Kobzar

Diving into Master Boot Record

Parsing the sector 0

Jan 26, 2025 • Ilya Kobzar

Behavioral analysis of user file operations with SRUM

Unveiling forensic insights and pitfalls of SRUM data

Jan 16, 2025 • Ilya Kobzar

0x55aa

Computer forensics and malware analysis blog.

Links

GitHub

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts