The TrailShark Capture Utility seamlessly integrates with Wireshark, facilitating the capture of AWS CloudTrail logs directly into Wireshark for near-real-time analysis.
This tool can be used for debugging AWS API calls and played a pivotal role in our “Bucket Monopoly Research” project.
By leveraging this utility, we were able to understand the internal API calls made by AWS, leading to the discovery of critical vulnerabilities across different services.
This insight is invaluable for enhancing security measures and understanding AWS service interactions more deeply.
Note: The plugin has been tested on Linux and macOS, but it should work on Windows as well.
First, deploy the CloudFormation template to create the CloudTrail trail and configure S3 to store logs.
aws cloudformation create-stack --stack-name TrailShark --template-body aws/template.yaml --region {REGION}
Run the following script to install the wireshark plugin
./install-plugin.sh
Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…