{"version":1,"pages":[{"id":"-M6yZZVDgxrHqLyb2Nah","title":"Pepperclipp","pathname":"/pepperclipp-public","siteSpaceId":"sitesp_QXQs3","description":"I created this site to share my knowledge on Pentesting, Defenses, Bypassing defenses and Programming, but not only."},{"id":"Q0OK9En8ZBoHdtDGmtjP","title":"Hacking DigitalOcean for fun and Profit","pathname":"/pepperclipp-public/hacking-digitalocean-for-fun-and-profit","siteSpaceId":"sitesp_QXQs3","description":"This will be a series of blogs on my research related to attacking Digital Ocean based infrastructures. For any suggestions, please contact me on e-mail, Twitter or LinkedIn."},{"id":"NfptMBfNXwX2pn4vu9Bb","title":"Digital Ocean Overview","pathname":"/pepperclipp-public/hacking-digitalocean-for-fun-and-profit/digital-ocean-overview","siteSpaceId":"sitesp_QXQs3","description":"We will start with a bit of basics on Digital Ocean and continue from there. This is not a Digital Ocean Tutorial, nor marketing for it. I'm just giving an overview for later blogs.","breadcrumbs":[{"label":"Hacking DigitalOcean for fun and Profit"}]},{"id":"L7JPIK5HBxE5Tb6NdHmJ","title":"Reconnaissance","pathname":"/pepperclipp-public/hacking-digitalocean-for-fun-and-profit/reconnaissance","siteSpaceId":"sitesp_QXQs3","description":"In this step, we will look at how to get information online using DigitalOcean's services features. 
I will presume you have some knowledge on Pentesting at least a cloud provider.","breadcrumbs":[{"label":"Hacking DigitalOcean for fun and Profit"}]},{"id":"sUz62rMtDdSHNxTzq743","title":"Initial Access","pathname":"/pepperclipp-public/hacking-digitalocean-for-fun-and-profit/initial-access","siteSpaceId":"sitesp_QXQs3","description":"We will be looking at Initial Access methods on Digital Ocean, like Droplet Access, API, Phishing, Kubernetes and Container Registry Access, etc.","breadcrumbs":[{"label":"Hacking DigitalOcean for fun and Profit"}]},{"id":"JavUT8ffSnhEcrndgG8i","title":"Enumeration","pathname":"/pepperclipp-public/hacking-digitalocean-for-fun-and-profit/enumeration","siteSpaceId":"sitesp_QXQs3","description":"Now that we get access to the Infrastructure, we can start looking at what can we enumerate from it.","breadcrumbs":[{"label":"Hacking DigitalOcean for fun and Profit"}]},{"id":"-MYS6QMsjjRl6ynewxgP","title":"Nebula","pathname":"/pepperclipp-public/projects/nebula","siteSpaceId":"sitesp_QXQs3","description":"This will be a group of articles on how to pentest cloud using Nebula (but not only)","breadcrumbs":[{"label":"Projects"}]},{"id":"-MYS6bRQSuf24ATpwNyQ","title":"Nebula","pathname":"/pepperclipp-public/projects/nebula/nebula","siteSpaceId":"sitesp_QXQs3","description":"Cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps Components.","breadcrumbs":[{"label":"Projects"},{"label":"Nebula"}]},{"id":"-MYS6xconIIs-zmQlBsm","title":"Enumeration","pathname":"/pepperclipp-public/projects/nebula/enumeration","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Projects"},{"label":"Nebula"}]},{"id":"-MYS6gb2FNWH9r9j98JK","title":"IAM 
Enumeration","pathname":"/pepperclipp-public/projects/nebula/enumeration/iam-enum","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Projects"},{"label":"Nebula"},{"label":"Enumeration"}]},{"id":"-MYS6nlI2Wq2Z2vt_nBM","title":"EC2 Enumeration","pathname":"/pepperclipp-public/projects/nebula/enumeration/ec2-enumeration","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Projects"},{"label":"Nebula"},{"label":"Enumeration"}]},{"id":"-MYS6rBrSJk7ia_2zf1S","title":"S3 Enumeration","pathname":"/pepperclipp-public/projects/nebula/enumeration/s3-enumeration","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Projects"},{"label":"Nebula"},{"label":"Enumeration"}]},{"id":"-MYS6tFzrzkQPx8c1qom","title":"Lambda Enumeration","pathname":"/pepperclipp-public/projects/nebula/enumeration/lambda-enumeration","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Projects"},{"label":"Nebula"},{"label":"Enumeration"}]},{"id":"-MeUDK3d21ev6Utew4ES","title":"Exploitation","pathname":"/pepperclipp-public/projects/nebula/exploitation","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Projects"},{"label":"Nebula"}]},{"id":"-MeUDVZwRMX-tiMvUaG1","title":"Reverse Shell","pathname":"/pepperclipp-public/projects/nebula/reverse-shell","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Projects"},{"label":"Nebula"}]},{"id":"-MeUDaKCPqIDR9XJEkha","title":"Detection Bypass","pathname":"/pepperclipp-public/projects/nebula/detection-bypass","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Projects"},{"label":"Nebula"}]},{"id":"iuA1g4L4D3nXO4EXiFsF","title":"Presentations","pathname":"/pepperclipp-public/presentations","siteSpaceId":"sitesp_QXQs3","description":"PDFs of presentations I have been part of."},{"id":"fNby8OVRGVULetboCAoX","title":"Dump LSASS when Debug Privilege is 
disabled","pathname":"/pepperclipp-public/windows/dump-lsass-when-debug-privilege-is-disabled","siteSpaceId":"sitesp_QXQs3","description":"To dump LSASS, whether using Mimikatz, ProcDump or other ways, the user will need to have DebugPrivilege in order to create a memory dump.","breadcrumbs":[{"label":"Windows"}]},{"id":"IzTy8xua1X8TPyIBf0nG","title":"OpenClaw: The AI that actually does (malicious) things","pathname":"/pepperclipp-public/others/openclaw-the-ai-that-actually-does-malicious-things","siteSpaceId":"sitesp_QXQs3","description":"Article originally posted on Exaforce Substack: https://theforcemultiplier.substack.com/p/openclaw-the-ai-that-actually-does","breadcrumbs":[{"label":"Others"}]},{"id":"qW3JJWKVhmg9p0VhWlCP","title":"Now You See Me, Now You Don't - Analyzing an invisible Blockchain C2 implant","pathname":"/pepperclipp-public/others/now-you-see-me-now-you-dont-analyzing-an-invisible-blockchain-c2-implant","siteSpaceId":"sitesp_QXQs3","description":"Article originally co-authored with Klesti Fetiu on Exaforce Substack: https://substack.com/home/post/p-190900133","breadcrumbs":[{"label":"Others"}]},{"id":"91lThAoedabDmnK2Q29a","title":"The Phishing Matryoshka: Unpacking a BEC to AiTM Nested Attack Chain","pathname":"/pepperclipp-public/others/the-phishing-matryoshka-unpacking-a-bec-to-aitm-nested-attack-chain","siteSpaceId":"sitesp_QXQs3","description":"Article originally co-authored with Joseph Odyn at Exaforce: https://www.exaforce.com/blogs/aitm-phishing-matryoshka","breadcrumbs":[{"label":"Others"}]},{"id":"wZ4Xo505UYnrxqE2xyMJ","title":"Introducing YetiHunter: An open-source tool to detect and hunt for suspicious activity in Snowflake","pathname":"/pepperclipp-public/others/introducing-yetihunter-an-open-source-tool-to-detect-and-hunt-for-suspicious-activity-in-snowflake","siteSpaceId":"sitesp_QXQs3","description":"Article originally posted on Permiso's blog: 
https://permiso.io/blog/introducing-yetihunter-an-open-source-tool-to-detect-and-hunt-for-suspicious-activity-in-snowflake","breadcrumbs":[{"label":"Others"}]},{"id":"6NZNVsH5BEpCHhgfudDm","title":"There’s a bot in my boot! Finding if hackerbot-claw tried tampered with your workflows","pathname":"/pepperclipp-public/github/theres-a-bot-in-my-boot-finding-if-hackerbot-claw-tried-tampered-with-your-workflows","siteSpaceId":"sitesp_QXQs3","description":"Article originally co-authored with Aqsa Taylor on Exaforce's blog: https://www.exaforce.com/blogs/hackerbot-claw-research","breadcrumbs":[{"label":"GitHub"}]},{"id":"w2LyRuN6aZ0rnkh4V1Ql","title":"There’s a snake in my package! How attackers are going from code to coin","pathname":"/pepperclipp-public/github/theres-a-snake-in-my-package-how-attackers-are-going-from-code-to-coin","siteSpaceId":"sitesp_QXQs3","description":"Article originally posted on Exaforce's blog: https://www.exaforce.com/blogs/snake-in-my-package-npm-wallet-hijack","breadcrumbs":[{"label":"GitHub"}]},{"id":"l2xDKSWTJijxKZifwEnP","title":"Feeding the worm a soft cloudy bun: The second coming of Shai-Hulud","pathname":"/pepperclipp-public/github/feeding-the-worm-a-soft-cloudy-bun-the-second-coming-of-shai-hulud","siteSpaceId":"sitesp_QXQs3","description":"Article originally co-authored with Taylor Smith on Exaforce's blog: https://www.exaforce.com/blogs/feeding-the-worm-a-soft-cloudy-bun-the-second-coming-of-shai-hulud","breadcrumbs":[{"label":"GitHub"}]},{"id":"1AzwMgq2mdLHuMleeWr2","title":"To CNAME or not to CNAME: That is the (Enumeration) Question","pathname":"/pepperclipp-public/azure/to-cname-or-not-to-cname-that-is-the-enumeration-question","siteSpaceId":"sitesp_QXQs3","description":"Article originally co-authored with Klesti Fetiu on Exaforce Substack: https://theforcemultiplier.substack.com/p/to-cname-or-not-to-cname-that-is","breadcrumbs":[{"label":"Azure"}]},{"id":"suTbEMx4a6DdAOERhQGn","title":"Ghost in the Script: Impersonating Google 
App Script projects for stealthy persistence","pathname":"/pepperclipp-public/gcp/ghost-in-the-script-impersonating-google-app-script-projects-for-stealthy-persistence","siteSpaceId":"sitesp_QXQs3","description":"Article originally co-authored with Jakub Pavlik on Exaforce's blog: https://www.exaforce.com/blogs/ghost-in-the-script","breadcrumbs":[{"label":"GCP"}]},{"id":"VpAnHeZInzqJrFDFOoOs","title":"The log rings don’t lie: historical enumeration in plain sight","pathname":"/pepperclipp-public/aws/the-log-rings-dont-lie-historical-enumeration-in-plain-sight","siteSpaceId":"sitesp_QXQs3","description":"Article originally posted on Exaforce's blog:https://www.exaforce.com/blogs/log-rings-dont-lie-historical-enumeration-in-plain-sight","breadcrumbs":[{"label":"AWS"}]},{"id":"7MVKtxmfFWueqhGr4HaA","title":"Do you feel in control? Analysis of AWS CloudControl API as an attack tool","pathname":"/pepperclipp-public/aws/do-you-feel-in-control-analysis-of-aws-cloudcontrol-api-as-an-attack-tool","siteSpaceId":"sitesp_QXQs3","description":"Article originally posted on Exaforce's blog:https://www.exaforce.com/blogs/feel-in-control-analysis-of-aws-cloudcontrol-api","breadcrumbs":[{"label":"AWS"}]},{"id":"n0Wc0Szclxzh9Q1rOwms","title":"An Arrow to the Heel: Abusing Default Machine Joining to Domain Permissions to Attack AWS Managed AD","pathname":"/pepperclipp-public/aws/an-arrow-to-the-heel-abusing-default-machine-joining-to-domain-permissions-to-attack-aws-managed-ad","siteSpaceId":"sitesp_QXQs3","description":"Article originally posted on Permiso's blog: https://permiso.io/blog/abusing-default-machine-joining-to-domain-permissions-to-attack-aws-managed-active-directory","breadcrumbs":[{"label":"AWS"}]},{"id":"DgfORRgaJW6ZI3LmcpqW","title":"RansomWhen??? 
I Never Even Noticed It…","pathname":"/pepperclipp-public/aws/ransomwhen-i-never-even-noticed-it...","siteSpaceId":"sitesp_QXQs3","description":"Article originally posted on Permiso's blog: https://permiso.io/blog/ransomwhen-i-did-not-even-notice-it","breadcrumbs":[{"label":"AWS"}]},{"id":"44xITyXFGQAfgdNLs5KF","title":"Breaking free from the chains of fate - Bypassing AWSCompromisedKeyQuarantineV2 Policy","pathname":"/pepperclipp-public/aws/breaking-free-from-the-chains-of-fate-bypassing-awscompromisedkeyquarantinev2-policy","siteSpaceId":"sitesp_QXQs3","description":"Article originally posted on Permiso's blog: https://permiso.io/blog/introducing-detention-dodger","breadcrumbs":[{"label":"AWS"}]},{"id":"-MeUDiwZarzo7kFhuhez","title":"Enumerate IAM Privileges dynamically","pathname":"/pepperclipp-public/aws/enumerate-iam-privileges-dinamically","siteSpaceId":"sitesp_QXQs3","description":"This is a cool way to automate the process of enumerating the Credentials in AWS that I came up with for Nebula.","breadcrumbs":[{"label":"AWS"}]},{"id":"u7YPf3KaEjuH6pZwm0sQ","title":"How Using Deprecated Policies Creates Overprivileged Permissions - AmazonEC2RoleforSSM vs AmazonSSMM","pathname":"/pepperclipp-public/aws/how-using-deprecated-policies-creates-overprivileged-permissions-amazonec2roleforssm-vs-amazonssmm","siteSpaceId":"sitesp_QXQs3","description":"Article originally posted on Permiso's Blog https://permiso.io/blog/s/deprecated-aws-policy-amazonec2roleforssm/.","breadcrumbs":[{"label":"AWS"}]},{"id":"7pAMQwBQMaLA68VAqe59","title":"Encrypting buckets for compliance and ransom - How Attackers Can Use KMS to Ransomware S3 Buckets","pathname":"/pepperclipp-public/encrypting-buckets-for-compliance-and-ransom-how-attackers-can-use-kms-to-ransomware-s3-buckets","siteSpaceId":"sitesp_QXQs3","description":"A successful ransomware attack is the culmination of numerous steps by a determined attacker: gaining initial access to the victim’s environment, reaching enumerating level of 
privilege to identify se"},{"id":"jEVqVS4QEE1gFOEhtpXt","title":"A tag to rule them all: Using AWS tags to enumerate cloud resources","pathname":"/pepperclipp-public/a-tag-to-rule-them-all-using-aws-tags-to-enumerate-cloud-resources","siteSpaceId":"sitesp_QXQs3","description":"Infrastructure Enumeration is the process of gathering information about a target, after gaining initial access. Enumeration depends on the level of privileges an attacker gets on the initial access"}]}