Hacking the Cloud
ICYMI: Our latest article covers Daniel Grzelak's research on how AWS error messages can reveal publicly exposed resources, without needing access! We cover how to use them for enumeration and detection.
https://hackingthe.cloud/aws/enumeration/detect_public_resource_exposure_via_error_messages/
Detect Public Resource Exposure via Session Policy Error Messages - Hacking The Cloud

Use session policy denials and verbose IAM error messages to determine if AWS resources have public resource-based policies.

Mar 23 at 2:01pmWeb