AWS ECR Public Vulnerability

By: Gafnit Amiga
Dec 13, 2022

Executive Summary: I discovered a critical AWS Elastic Container Registry Public (ECR Public) vulnerability that allowed external actors to delete, update, and create ECR Public images, layers, and tags in registries and repositories that belong t...

AWS RDS Vulnerability Leads to AWS Internal Service Credentials

By: Gafnit Amiga
Apr 11, 2022

TL;DR: Panoptica's Research Team obtained credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension. The internal AWS service was connected to an AWS internal account, re...

Amazon Redshift – COPY The Risk

By: Dana Tsymberg
Mar 24, 2022

TL;DR: Amazon Redshift is a fully managed petabyte-scale data warehouse service in the cloud, designed specifically for online analytics processing (OLAP) and business intelligence (BI) applications, which require complex queries against large dat...