~150 abandoned S3 buckets. 8M+ requests. Two months. Software updates, binaries, VMs and more.

This week, AWS rolled out namespaces for new S3 buckets - finally.

This is why offensive security research is so important - to move the needle.

https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/

8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur

Surprise surprise, we've done it again. We've demonstrated an ability to compromise significantly sensitive networks, including governments, militaries, space agencies, cyber security companies, supply chains, software development systems and environments, and more. “Ugh, won’t they just stick to creating poor-quality memes?” we hear you moan. Maybe we should, maybe

watchTowr Labs
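The post's headline numbers come from re-registering bucket names that old software still points at. As an added example (not watchTowr's code and not part of the original post), here is a small Python checker for the defender's side of that: it pulls S3 bucket names out of config files, build scripts or docs in all three URL styles, then asks S3 whether each bucket still exists. An unauthenticated HEAD that returns 404 means the name is free for anyone to claim. The sample text and the `acme-*` bucket names are constructed for illustration; the `exists` parameter is injectable so the logic can be exercised offline.

```python
"""Flag S3 bucket references whose bucket no longer exists.

Added example for this thread; it is not watchTowr's code. The SAMPLE text
and the "acme-*" bucket names are constructed for illustration.
"""
import re
import urllib.error
import urllib.request
from typing import Callable, Optional

# S3 bucket names: 3-63 chars of lowercase letters, digits, dots and hyphens.
_BUCKET = r"([a-z0-9][a-z0-9.\-]{1,61}[a-z0-9])"
_NAME_END = r"(?![a-z0-9.\-])"  # the hostname / bucket name must stop here

_PATTERNS = [
    # virtual-hosted style: https://bucket.s3.amazonaws.com/... or bucket.s3.<region>.amazonaws.com
    re.compile(r"https?://" + _BUCKET + r"\.s3(?:[.-][a-z0-9\-]+)*\.amazonaws\.com" + _NAME_END, re.I),
    # path style: https://s3.amazonaws.com/bucket/... or https://s3.<region>.amazonaws.com/bucket/...
    re.compile(r"https?://s3(?:[.-][a-z0-9\-]+)*\.amazonaws\.com/" + _BUCKET + _NAME_END, re.I),
    # s3:// URIs as used by the AWS CLI and many build scripts
    re.compile(r"s3://" + _BUCKET + _NAME_END, re.I),
]

# Constructed sample of the kind of references that survive in old code and docs.
SAMPLE = """\
UPDATE_URL=https://acme-updater.s3.us-east-1.amazonaws.com/latest/version.json
curl -O https://s3.amazonaws.com/acme-build-artifacts/agent-1.2.3.tar.gz
aws s3 cp s3://acme-vm-images/base.qcow2 .
ARTIFACT_HOST=https://acme-vm-images.s3.dualstack.us-west-2.amazonaws.com
docs: https://docs.example.com/not-an-s3-url
"""


def find_bucket_refs(text: str) -> set[str]:
    """Return every bucket name referenced anywhere in `text` (each pattern has one capture group)."""
    found: set[str] = set()
    for pat in _PATTERNS:
        for m in pat.finditer(text):
            found.add(m.group(1).lower())
    return found


def bucket_exists(bucket: str, timeout: float = 5.0) -> Optional[bool]:
    """Unauthenticated HEAD against the path-style endpoint (avoids TLS trouble with dotted names).

    404 -> the bucket does not exist and the name is claimable by anyone.
    2xx, 301 (other region) or 403 (private) -> it exists.
    None -> network failure; callers must not mistake an outage for a dangling name.
    """
    req = urllib.request.Request(f"https://s3.amazonaws.com/{bucket}", method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return 200 <= resp.status < 300
    except urllib.error.HTTPError as e:
        return False if e.code == 404 else True
    except (urllib.error.URLError, OSError):
        return None


def audit(text: str, exists: Callable[[str], Optional[bool]] = bucket_exists) -> dict[str, Optional[bool]]:
    """Map each referenced bucket to True (exists), False (gone: claimable) or None (check failed)."""
    return {b: exists(b) for b in sorted(find_bucket_refs(text))}


def dangling(text: str, exists: Callable[[str], Optional[bool]] = bucket_exists) -> list[str]:
    """Bucket names that definitely no longer exist; inconclusive (None) results are excluded."""
    return [b for b, state in audit(text, exists).items() if state is False]


if __name__ == "__main__":
    # Live run: needs network access to s3.amazonaws.com.
    for name, state in audit(SAMPLE).items():
        verdict = "MISSING - claimable" if state is False else ("exists" if state else "check failed")
        print(f"{name:30} {verdict}")
```

Run it over a checkout of your own repos, deployment manifests and installer scripts; any name that comes back MISSING is a bucket an attacker can create today and start serving whatever your old clients ask for.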
"but watchTowr, why did this take AWS so long?"
@watchTowr because there's money to be made in prolonging deeply stupid decisions in the cloud.
@watchTowr and if it hasn't been registered by the end of the week, I'm registering the finest memes bucket
@watchTowr Having worked there, I have a few ideas why.

@watchTowr Dude, I had a lot of really good luck with the BeEF framework!

... when I got it to work

.. when it wouldn't crash when people hit my payload

.. if it stayed up for more than 30 minutes.

.. and if fewer than 3 people hit it at once.

@watchTowr @ha888t
Did you detect anyone trying to write to buckets?

@watchTowr

Peeling back one teeny layer to open a massive abyss is not what I would have expected. Just... absolutely wowed that this was possible.

@watchTowr Are S3 buckets the new opendirectories?
@watchTowr This is 'grim dispatches from war correspondents' tier; hopefully with a commensurate impact on public perception.

@watchTowr

As always, what we didn’t anticipate was how this would turn out (you could argue that we regularly seem to underestimate what is about to happen).

ngl I like my security reporting much more that way. Less crazed hype-seeking for something to exploit for attention, more focused on seeking something that is an actual problem.