unicrons.cloud

WriteUp: Cloud Village CTF DEFCON 33

Andoni Alonso — Sun, 31 Aug 2025 00:00:00 +0000

WriteUp: Cloud Village CTF DEFCON 33

Once again, we couldn't resist the call of a CTF scoreboard! 🎯 This time, we participated in the Cloud Village CTF at DEFCON 33.

![Cloud Village CTF](../assets/images/writeup-cloud-village-ctf-2025/ctf.png){ width="500" }

We managed to solve 13 out of 25 challenges and secured a Top 10 finish out of 146 teams! :material-podium:

WriteUp: Cloud Security Championship #2 - Contain Me If You Can

Andoni Alonso — Fri, 15 Aug 2025 00:00:00 +0000

The second challenge of the Cloud Security Championship organized by Wiz is called Contain Me If You Can. This time we need to escape from a containerized environment to retrieve the flag located at /flag on the host's filesystem.

![Contain Me If You Can](../assets/images/writeup-cloudsecuritychampionship-2/contain-me-if-you-can.png){ width="550" } [Cloud Security Championship #2](https://cloudsecuritychampionship.com/challenge/2)

WriteUp: Cloud Security Championship #1 - Perimeter Leak

Samuel Burgos — Tue, 01 Jul 2025 00:00:00 +0000

The Cloud Security Championship organized by Wiz has launched its first challenge. Over the next 12 months, they will be publishing different challenges, each prepared by one of their researchers.

This first challenge is called Perimeter Leak and tells us that we must find a secret in an S3 bucket.

![Perimeter Leak](../assets/images/writeup-cloudsecuritychampionship-1/perimeter-leak.png){ width="550" } [Cloud Security Championship #1](https://cloudsecuritychampionship.com/challenge/1)

aws-root-manager: A tool to manage root access in your AWS organization

Samuel Burgos — Fri, 21 Mar 2025 00:00:00 +0000

`aws-root-manager`: Manage AWS root access in your organization

In AWS, managing root credentials has always been a friction point for organization administrators. Every time a new account was created, we had to configure MFA for root access following best practices and the maturity model. However, enabling MFA is a manual step, and with AWS Organizations, this problem scaled. We could ignore it, apply an SCP to block actions performed with the root user, and deal with the failed check reported by all security tools.

In 2023, AWS announced that MFA would become mandatory, and the time is near. On March 24, 2025, registering an MFA will be required when using the root user.

To address this issue, on November 15, 2024, AWS announced a new feature that allows centralized root access management within an organization without having to manually intervene in each account. However, if we have a large number of accounts, performing the actions one by one is not the most convenient approach.

To simplify this management, we have created aws-root-manager :simple-github:, a tool that efficiently and automatically manages the state of root credentials across all accounts in an organization.

![logo](../assets/images/aws-root-manager/logo.png){ width="200"}

IAM policy mishaps: Case 2 - SNS

Samuel Burgos — Fri, 21 Feb 2025 00:00:00 +0000

IAM policy mishaps: Case 2 - SNS

Did you think we had forgotten about the IAM series? Well, you were right. Sorry for the delay, but here we are again.

Today, we are going to talk about Amazon Simple Notification Service (SNS).

!!! info Demo Repository Remember that if you want to try the examples we are presenting, check out our repo :simple-github:.

We have prepared the different scenarios in Terraform :simple-terraform:.

Import your Powerpipe results into AWS SecurityHub

Samuel Burgos — Fri, 18 Oct 2024 00:00:00 +0000

Continuing with what we saw in Automate your Steampipe AWS configuration with AWS Organizations, we have developed a powerpipe-securityhub-importer :simple-github: to import the results of your controls in AWS SecurityHub.

Powerpipe allows us to run benchmarks that, through Steampipe, provide us with the results of our controls.

![architecture](../assets/images/powerpipe-securityhub-importer/flow.png#only-light) ![architecture](../assets/images/powerpipe-securityhub-importer/flow_dark.png#only-dark)

Automate your Steampipe AWS configuration with AWS Organizations

Samuel Burgos — Fri, 18 Oct 2024 00:00:00 +0000

This time we bring you our first public tool!

If you use Steampipe with your AWS organization, this will interest you. We have built this tool to automate the creation and maintenance of the configuration files necessary to work with all the accounts in an AWS organization.

![architecture](../assets/images/steampipe-config-generator/flow.png#only-light) ![architecture](../assets/images/steampipe-config-generator/flow_dark.png#only-dark)

Deploy IAM Roles across an AWS Organization as code

Samuel Burgos — Mon, 14 Oct 2024 00:00:00 +0000

In environments with multiple AWS accounts, managing roles can be a challenge. AWS IAM offers us a robust solution for managing roles within each account, but when it comes to consistently implementing roles across all accounts in an organization, the task can become complex.

In this post, we will see how to automatically deploy IAM roles across all accounts in an AWS organization as code, using CloudFormation, Organizations, and Terraform.

![architecture](../assets/images/aws-organization-roles/architecture.png#only-light) ![architecture](../assets/images/aws-organization-roles/architecture_dark.png#only-dark)

WriteUp: Cloud Village CTF 2024

Samuel Burgos — Tue, 13 Aug 2024 00:00:00 +0000

You know we can't resist anything with a scoreboard and related to the cloud... And neither distance nor time zones were going to stop us from giving a shot at the CTF organized by Cloud Village at #DEFCON32 last weekend.

![CTF Cloud Village](../assets/images/writeup-cloud-village-ctf-2024/ctf-presentation.png){ width="450" } [ctf.cloud-village.org](https://ctf.cloud-village.org/)

IAM policy mishaps: Case 1 - S3

Samuel Burgos — Sat, 01 Jun 2024 00:00:00 +0000

IAM policy mishaps: Case 1 - S3

Continuing with the series of posts related to IAM misconfigurations, we are going to delve a bit into its use focused on the AWS S3 service.

To do this, we will look at the different ways we can control the security of the service and how dangerous it is to apply a policy without clearly understanding what it does.

!!! info Demo repository If you want to directly try the examples we are going to present, take a look at our repo :simple-github:.

We have prepared different scenarios in Terraform :simple-terraform:.

IAM policy mishaps: Intro to IAM

Samuel Burgos — Tue, 20 Feb 2024 00:00:00 +0000

IAM policy mishaps: Intro to IAM

This post is based on the introduction of the talk IAM policy mishaps: A cautionary tale of cloud misconfigurations that we presented on Saturday, January 27th, at Sh3llCON (Reinosa). It is going to be the first in a series about IAM misconfigurations (yes, unfortunately, it's a topic that provides enough material for a series).

unicrons.cloud

WriteUp: Cloud Village CTF DEFCON 33

WriteUp: Cloud Village CTF DEFCON 33

WriteUp: Cloud Security Championship #2 - Contain Me If You Can

WriteUp: Cloud Security Championship #1 - Perimeter Leak

aws-root-manager: A tool to manage root access in your AWS organization

aws-root-manager: Manage AWS root access in your organization

IAM policy mishaps: Case 2 - SNS

IAM policy mishaps: Case 2 - SNS

Import your Powerpipe results into AWS SecurityHub

Automate your Steampipe AWS configuration with AWS Organizations

Deploy IAM Roles across an AWS Organization as code

WriteUp: Cloud Village CTF 2024

IAM policy mishaps: Case 1 - S3

IAM policy mishaps: Case 1 - S3

IAM policy mishaps: Intro to IAM

IAM policy mishaps: Intro to IAM

`aws-root-manager`: Manage AWS root access in your organization