{"version":1,"pages":[{"id":"-M6yZZVDgxrHqLyb2Nah","title":"Pepperclipp","pathname":"/pepperclipp-public","siteSpaceId":"sitesp_QXQs3","description":"I created this site to share my knowledge on Pentesting, Defenses, Bypassing defenses and Programming, but not only."},{"id":"-MYS6QMsjjRl6ynewxgP","title":"Nebula","pathname":"/pepperclipp-public/nebula","siteSpaceId":"sitesp_QXQs3","description":"This will be a group of articles on how to pentest cloud using Nebula (but not only)"},{"id":"-MYS6bRQSuf24ATpwNyQ","title":"Nebula","pathname":"/pepperclipp-public/nebula/nebula","siteSpaceId":"sitesp_QXQs3","description":"Cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps Components.","breadcrumbs":[{"label":"Nebula"}]},{"id":"-MYS6xconIIs-zmQlBsm","title":"Enumeration","pathname":"/pepperclipp-public/nebula/enumeration","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Nebula"}]},{"id":"-MYS6gb2FNWH9r9j98JK","title":"IAM Enumeration","pathname":"/pepperclipp-public/nebula/enumeration/iam-enum","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Nebula"},{"label":"Enumeration"}]},{"id":"-MYS6nlI2Wq2Z2vt_nBM","title":"EC2 Enumeration","pathname":"/pepperclipp-public/nebula/enumeration/ec2-enumeration","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Nebula"},{"label":"Enumeration"}]},{"id":"-MYS6rBrSJk7ia_2zf1S","title":"S3 Enumeration","pathname":"/pepperclipp-public/nebula/enumeration/s3-enumeration","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Nebula"},{"label":"Enumeration"}]},{"id":"-MYS6tFzrzkQPx8c1qom","title":"Lambda Enumeration","pathname":"/pepperclipp-public/nebula/enumeration/lambda-enumeration","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Nebula"},{"label":"Enumeration"}]},{"id":"-MeUDK3d21ev6Utew4ES","title":"Exploitation","pathname":"/pepperclipp-public/nebula/exploitation","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Nebula"}]},{"id":"-MeUDVZwRMX-tiMvUaG1","title":"Reverse Shell","pathname":"/pepperclipp-public/nebula/reverse-shell","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Nebula"}]},{"id":"-MeUDaKCPqIDR9XJEkha","title":"Detection Bypass","pathname":"/pepperclipp-public/nebula/detection-bypass","siteSpaceId":"sitesp_QXQs3","description":"","breadcrumbs":[{"label":"Nebula"}]},{"id":"Q0OK9En8ZBoHdtDGmtjP","title":"Hacking DigitalOcean for fun and Profit","pathname":"/pepperclipp-public/hacking-digitalocean-for-fun-and-profit","siteSpaceId":"sitesp_QXQs3","description":"This will be a series of blogs on my research related to attacking Digital Ocean based infrastructures. For any suggestions, please contact me on e-mail, Twitter or LinkedIn."},{"id":"NfptMBfNXwX2pn4vu9Bb","title":"Digital Ocean Overview","pathname":"/pepperclipp-public/hacking-digitalocean-for-fun-and-profit/digital-ocean-overview","siteSpaceId":"sitesp_QXQs3","description":"We will start with a bit of basics on Digital Ocean and continue from there. This is not a Digital Ocean Tutorial, nor a marketing for it. I'm just giving an overview for latter blogs.","breadcrumbs":[{"label":"Hacking DigitalOcean for fun and Profit"}]},{"id":"L7JPIK5HBxE5Tb6NdHmJ","title":"Reconnaissance","pathname":"/pepperclipp-public/hacking-digitalocean-for-fun-and-profit/reconnaissance","siteSpaceId":"sitesp_QXQs3","description":"In this step, we will look at how to get information online using DigitalOcean's services features. I will presume you have some knowledge on Pentesting at least a cloud provider.","breadcrumbs":[{"label":"Hacking DigitalOcean for fun and Profit"}]},{"id":"sUz62rMtDdSHNxTzq743","title":"Initial Access","pathname":"/pepperclipp-public/hacking-digitalocean-for-fun-and-profit/initial-access","siteSpaceId":"sitesp_QXQs3","description":"We will be looking at Initial Access methods on Digital Ocean, like Droplet Access, API, Phishing, Kubernetes and Container Registry Access, etc.","breadcrumbs":[{"label":"Hacking DigitalOcean for fun and Profit"}]},{"id":"JavUT8ffSnhEcrndgG8i","title":"Enumeration","pathname":"/pepperclipp-public/hacking-digitalocean-for-fun-and-profit/enumeration","siteSpaceId":"sitesp_QXQs3","description":"Now that we get access to the Infrastructure, we can start looking at what can we enumerate from it.","breadcrumbs":[{"label":"Hacking DigitalOcean for fun and Profit"}]},{"id":"iuA1g4L4D3nXO4EXiFsF","title":"Presentations","pathname":"/pepperclipp-public/presentations","siteSpaceId":"sitesp_QXQs3","description":"PDFs of presentations I have been part of."},{"id":"-MeUDiwZarzo7kFhuhez","title":"Enumerate IAM Privileges dinamically","pathname":"/pepperclipp-public/other-articles/enumerate-iam-privileges-dinamically","siteSpaceId":"sitesp_QXQs3","description":"This is a cool way to automate the process of enumerating the Credentials in AWS that I came up for Nebula.","breadcrumbs":[{"label":"Other Articles"}]},{"id":"fNby8OVRGVULetboCAoX","title":"Dump LSASS when Debug Privilege is disabled","pathname":"/pepperclipp-public/other-articles/dump-lsass-when-debug-privilege-is-disabled","siteSpaceId":"sitesp_QXQs3","description":"To dump LSASS, weather using Mimikatz, ProcDump or other ways, the user will need to have DebugPrivilege in order to create a memory dump.","breadcrumbs":[{"label":"Other Articles"}]},{"id":"7pAMQwBQMaLA68VAqe59","title":"Encrypting buckets for compliance and ransom - How Attackers Can Use KMS to Ransomware S3 Buckets","pathname":"/pepperclipp-public/encrypting-buckets-for-compliance-and-ransom-how-attackers-can-use-kms-to-ransomware-s3-buckets","siteSpaceId":"sitesp_QXQs3","description":"A successful ransomware attack is the culmination of numerous steps by a determined attacker: gaining initial access to the victim’s environment, reaching enumerating level of privilege to identify se"},{"id":"jEVqVS4QEE1gFOEhtpXt","title":"A tag to rule them all: Using AWS tags to enumerate cloud resources","pathname":"/pepperclipp-public/a-tag-to-rule-them-all-using-aws-tags-to-enumerate-cloud-resources","siteSpaceId":"sitesp_QXQs3","description":"Infrastructure Enumeration is the process of gathering information about a target, after gaining initial access. Enumeration depends on the level of privileges an attacker gets on the initial access"}]}