Beau Bullock

@dafthack@infosec.exchange
Hacker, trainer, and guitarist | Black Hills InfoSec #RedTeam | BreakForge Training | CoinSecPodcast Host | Cyberpunk synthwave metal producer at NOBANDWIDTH
YouTube: https://www.youtube.com/channel/UCofqcI4SS_RTW6s-yB0NKdg
Github: https://github.com/dafthack
Twitter: https://twitter.com/dafthack
NOBANDWIDTH: https://www.nobandwidth.io/
LinkedIn: https://www.linkedin.com/in/beaubullock/
My first personal blog post in more than 5 years. A playful take on going from traditional internal penetration tester to cloud penetration tester.
https://sethsec.blogspot.com/2022/12/cloud-penetration-testing-not-your.html
Cloud penetration testing: Not your typical internal penetration test

There seems to be a common path for experienced penetration testers who are thrown into the world of cloud penetration testing. I'm talking ...

Find Privilege Escalation Paths in Microsoft Azure with AzureHound https://youtube.com/watch?v=m33VeLRUi4w

Today was one of the "I don't want to get up" sorta days. The garage is freezing, I'm feeling achy, and my personal life just feels kinda heavy. Well, I'm glad I showed up, cause I pushed some great new numbers and I feel more alive and capable than before I started. So if your brain is lying to you too, I hope this might help to hear.
Bonus, I also listened to @dafthack's awesome album Glitch of Conciseness! So good!

Don't forget about next week's courses! There's still time to register. Check out the lineup below along with what tool/org the course will be donating 10% of its revenue to.

• "Introduction to Pentesting" | @strandjs | Dec. 5-8 | On-Demand available | Registration: https://cvent.me/al8Q5P | 10% donation: sqlmapproject

• "Breaching the Cloud" | @dafthack | Dec. 6-9 | On-Demand available | Registration: https://cvent.me/BWvnVm | 10% donation: Code.org

• "Security Defense and Detection TTX" | @infosystir & @cyborg00101 | Dec. 6-9 | Registration: https://cvent.me/Y1oKDd | 10% donation: Mental Health Hackers

How to Find MFA Bypasses in Conditional Access Policies
https://www.youtube.com/watch?v=SK1zgqaAZ2E

Here's a past webcast, "Getting Started in Pentesting The Cloud–Azure," to get you ready for @dafthack's "Breaching the Cloud" class next week!

https://www.youtube.com/watch?v=u_3cV0pzptY&t=0s

EDITED EDITION — Getting Started in Pentesting The Cloud–Azure | Beau Bullock | 1-Hour

I wrote a short post on abusing misconfigured resource-based policies of AWS ECR private registries. They (hopefully) come up rarely, but it can be tricky to remember the syntax to authenticate with them. This step-by-step guide makes it easy :) https://hackingthe.cloud/aws/exploitation/Misconfigured_Resource-Based_Policies/misconfigured_ecr_resource_policy/
Abusing Misconfigured ECR Resource Policies - Hacking The Cloud

How to take advantage of misconfigured AWS ECR private repositories.

Discover Publicly Exposed Cloud Resources in AWS https://youtu.be/7nzzbHI5VtQ

How to Build a Cloud Hacking Lab
https://www.youtube.com/watch?v=4s_3oNwqImo

Hello World!