Exploiting IAM security Misconfigurations — Part 2
Part 2 of the IAM misconfiguration series: exploiting overly permissive CreatePolicyVersion permissions to escalate privileges and gain access to sensitive AWS resources like S3.
Appsecco Research
Technical deep dives from the team that tests products for a living.
AWS misconfigurations are the #1 attack vector we find in product security assessments. These deep dives cover IAM, EC2, Lambda, App Runner, and cloud-native attack paths.
What happens when an attacker gains remote code execution in an AWS App Runner container — a research walkthrough of pivoting from RCE to stealing secrets from AWS Secrets Manager.
How attackers exploit AWS IAM misconfigurations — starting with a misconfigured AssumeRole policy — to perform privilege escalation and move laterally through cloud environments.
Container orchestration expands the attack surface. We test K8s clusters the way real attackers approach them — from RBAC to pod escapes.
Part 2 of Appsecco's Kubernetes pentest series, focusing on overprivileged RBAC, cloud IAM to Kubernetes mappings, and how attackers escape from cluster to cloud.
A practical rundown of the most common Kubernetes misconfigurations found during real pentests, covering network policy gaps, exposed API proxies, and service account privilege issues.
A transparent pentest post-mortem: how Appsecco attacked a well-architected AWS EKS product, what attack paths were tried, and which security design decisions stopped them cold.
When critical vulnerabilities emerge, we break them down with technical depth — what happened, how it was exploited, and what you should do about it.
Security guidance on the critical Apache Log4j JNDI injection vulnerability (CVE-2021-44228), covering how the exploit works, affected versions, and steps to detect and remediate it.
A technical overview of Zerologon (CVE-2020-1472), the CVSS 10 Windows Netlogon flaw that gives unauthenticated attackers domain admin — with detection, exploitation, patching, and monitoring guidance.
A technical analysis of the LastPass browser extension credential leak discovered by Google Project Zero: how the do_popupregister() bypass works and what it exposes.
Containers are only as secure as their configuration. Hardening guides and attack techniques for Docker and container runtimes.
Ten actionable Docker security practices — from keeping the host kernel patched to using AppArmor and dropping capabilities — to reduce the attack surface of containerised workloads.
Broken authentication is consistently in the OWASP Top 10. We cover identity platforms, session management, and auth bypass techniques — including Cognito and Google Identity Platform.
How misconfigured Google Cloud Identity Platform (Firebase) applications can leak API keys and auth tokens, allowing unauthenticated users to query, modify, or delete backend identity data.
Security architecture, authorization patterns, and engineering practices that make products harder to break.
A technical breakdown of the 2022 Uber breach: how dark web credentials, MFA fatigue attacks, and lateral movement through internal tooling led to full corporate access.
Microservices Authorization using Open Policy Agent and Traefik (API Gateway)