Showing posts from August, 2022

Pwning PaaS Cloud Managed Services - From Breaking Isolation to Identifying Abuse

Introduction

Highly inspired by the work done by the guys at Wiz (https://www.wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilities), I decided to do some research on the applications that provide PaaS managed services. The areas which I focused on are:

- Coding Platforms
- Managed Service Platforms

Every service provider did their best to ensure the isolation of user data. Some tried via roles and permissions, while others tried VM-level isolation. While there can be reasons of cost and other valid opinions for choosing options, it should not be forgotten that trial user accounts can be operated by malicious users, and they will try to misuse the services for fun or profit. Here we will discuss a few such cases.

Some of these risks are by design and vendors are aware of them. To ensure they are not abused, I will try not to name them. In this blog, I will discuss various classes of exploitations that I was able to perform. It is very important to note each of the accoun