CloudFox v.1.13.0 is out with 2 new AWS commands and a bunch of updates.

* The new workloads command looks at EC2, Lambda, and ECS and highlights any workload that has an admin role attached, as well as any role that can privesc to admin!

* The new api-gws command contributed by Wyatt Dahlenburg finds all API gw endpoints and crafts custom curl commands for you with any API keys found in the endpoint metadata.

* The env-vars command has been upgraded to help you find secrets stored in environment variables. It highlights interesting variable names and creates a separate output file with just the interesting items.

* The role-trusts command has been upgraded to help you find overly permissive role trusts, particularly those that trust :root, without an ExternalID.

https://github.com/BishopFox/cloudfox

#cloudfox #cloudsecurity

GitHub - BishopFox/cloudfox: Automating situational awareness for cloud penetration tests.
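
The role-trusts item in the release post above concerns trust policies that trust a whole account (`:root`) with no ExternalID condition. The following is an added example, not CloudFox's code or output. It goes slightly beyond the post by also treating a bare account ID and `*` as account-wide principals, and all role names, account IDs and function names are constructed for illustration.

```python
import json
import re

# Constructed sample: role name -> trust policy (AssumeRolePolicyDocument).
SAMPLE_ROLES = {
    "vendor-no-extid": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]},
    "vendor-with-extid": {"Version": "2012-10-17", "Statement": {
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": ["arn:aws:iam::111122223333:root"]},
        "Condition": {"StringEquals": {"sts:ExternalId": "constructed-id"}}}},
    "pinned-to-one-role": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/ci"}}]},
    "bare-account-id": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": "444455556666"}}]},
}

# "*", a bare 12-digit account ID, or an account :root ARN (any partition).
ACCOUNT_WIDE = re.compile(r"^(\*|\d{12}|arn:aws[\w-]*:iam::\d{12}:root)$")

def as_list(value):
    """IAM allows a single value or a list for Statement and Principal."""
    return value if isinstance(value, list) else [] if value is None else [value]

def has_external_id(statement):
    """True if any condition operator tests sts:ExternalId (presence only)."""
    for keys in statement.get("Condition", {}).values():
        if any(k.lower() == "sts:externalid" for k in keys):
            return True
    return False

def risky_trusts(roles):
    """Sorted (role, principal) pairs trusting a whole account with no ExternalId."""
    findings = []
    for name, policy in roles.items():
        for stmt in as_list(policy.get("Statement")):
            if stmt.get("Effect") != "Allow" or has_external_id(stmt):
                continue
            principal = stmt.get("Principal", {})
            aws = as_list(principal.get("AWS")) if isinstance(principal, dict) else as_list(principal)
            findings += [(name, p) for p in aws if ACCOUNT_WIDE.match(p)]
    return sorted(findings)

if __name__ == "__main__":
    print(json.dumps(risky_trusts(SAMPLE_ROLES), indent=2))
```

The check only tests that an ExternalID condition is present, not that its value is strong, so a flagged or cleared role still deserves a manual look at the full policy.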


You already know #CloudFox, now meet CloudFoxable created by Bishop Fox Cloud Security Practice Lead @sethsec! This tool is an intentionally vulnerable #AWS environment created to teach the art of AWS #Cloud #pentesting while showcasing CloudFox’s capabilities that can help you locate latent attack paths more effectively. Give it a go and let us know what you think!

https://bfx.social/43T4dtK

Introducing CloudFoxable: A Gamified Cloud Hacking Sandbox

Introducing CloudFoxable, an intentionally vulnerable AWS environment to learn AWS cloud pen testing with CloudFox to help you find latent attack paths.


Explore our #GitHub and find a collection of #infosec tools like:
- The #cloudsecurity tool #CloudFox
- The #adversary emulation framework Sliver
- The redaction-reversing tool Unredacter

And much more; check it out today! https://github.com/BishopFox/

Bishop Fox

The leader in offensive security, providing continuous pen testing, red teaming, attack surface management, and traditional security assessments. - Bishop Fox
