Attack & Defense Guide
Service Control Policies (SCPs) are hard boundaries.
If an SCP explicitly denies ec2:ImportImage, the action cannot be performed by any principal — including root.
The goal is to restrict the ec2:ImportImage action in a corporate AWS environment using an IAM policy. This is an AWS security question about preventing users from importing custom images (which could contain malware, backdoors, or unauthorized software) into the corporate AWS environment.
Deny the action - Use Deny effect to block ec2:ImportImage
Conditions - Could add conditions like:
#!/usr/bin/env python3
"""
AWS Sandbox Account Role Scanner
Scans sandbox accounts for roles with 'sandbox-' prefix that don't have matching policies
"""
import boto3
import csv
import json
from concurrent.futures import ThreadPoolExecutor, as_completed
This guide is for educational purposes and authorized security testing only. Do not attempt these exploits without explicit permission from system owners. Unauthorized access to computer systems is illegal and may result in criminal prosecution.
version: '3.8'
services:
  database:
    image: mysql:8.0
    container_name: woo-lucky-wheel-db
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: rootpassword123
      MYSQL_DATABASE: wordpress
title = "SSTI RCE Final Findings"
url = "/ssti-findings"
layout = "default"
==
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <title>SSTI RCE Research - Final Findings</title>
  <style>

title = "Final SSTI Exploit"
url = "/final-ssti"
layout = "default"
==
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <title>SSTI Safe Mode Bypass - FINAL</title>
  <style>