AWS and the Secrets Exposed on Public ECR Repository

This article gives some insight into how many secrets are exposed in public ECR repositories on AWS, and how a threat actor is just one container pull away from getting their hands on those secrets.


Last updated 1 year ago

This study was done around 2022, so results might vary. AWS has a public ECR component very similar to public Docker Hub, where anyone can upload Docker images to be used publicly. This introduces the same threat: developers mistakenly embed secrets in their images and push them publicly.

Similar research has been done for public Docker Hub, but as cloud adoption increases, the number of images in public ECR keeps growing day by day.
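The mitigation on the developer side is to check an image for embedded credentials before it ever reaches a public registry. The following is an added example, not code from this article: a small pre-push scanner that reads a `docker save` (or OCI layout) tarball, walks every layer archive inside it, and flags files matching a few well-known credential shapes. The detection patterns, file names and the sample image it builds for itself are constructed for this example; the credential values in it are fake.

```python
"""Pre-push check: scan a saved container image tarball for embedded secrets.

Added example (not code from the original page). It reads the output of
`docker save <image> -o image.tar` (or an OCI layout tarball), walks every
layer archive inside it, and flags files whose contents match a few
well-known credential shapes. Patterns and sample data are constructed here.
"""
import io
import re
import sys
import tarfile

# Assumed detection patterns; extend these for your own secret formats.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(rb"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        rb"aws_secret_access_key\s*[=:]\s*([A-Za-z0-9/+]{40})\b"),
    "private_key": re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


def scan_bytes(data, location):
    """Return (location, pattern_name) for each pattern found in data."""
    return [(location, name) for name, pat in SECRET_PATTERNS.items() if pat.search(data)]


def _is_tar(blob):
    """True if blob parses as a (possibly compressed) tar archive."""
    try:
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*"):
            return True
    except tarfile.TarError:
        return False


def scan_image_tar(image_tar_bytes, max_file_size=5 * 1024 * 1024):
    """Scan every regular file in every layer of an image tarball.

    The manifest and config JSON are scanned too, because ENV values and
    build history recorded there are a common place for credentials to leak.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(image_tar_bytes), mode="r:*") as image:
        for member in image.getmembers():
            if not member.isfile():
                continue
            blob = image.extractfile(member).read()
            if _is_tar(blob):
                # docker save: <layer-id>/layer.tar; OCI layout: blobs/sha256/<digest>
                with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as layer:
                    for entry in layer.getmembers():
                        if not entry.isfile() or entry.size > max_file_size:
                            continue
                        data = layer.extractfile(entry).read()
                        findings.extend(scan_bytes(data, f"{member.name}:{entry.name}"))
            else:
                findings.extend(scan_bytes(blob, member.name))
    return findings


def _add_bytes(archive, name, data):
    """Add an in-memory file to an open tarfile."""
    info = tarfile.TarInfo(name)
    info.size = len(data)
    archive.addfile(info, io.BytesIO(data))


def build_sample_image(with_secret=True):
    """Constructed docker-save-style tarball: manifest, config and one layer.

    The credential values below are fake, made up for this example.
    """
    creds = (b"[default]\n"
             b"aws_access_key_id = AKIAEXAMPLEEXAMPLE12\n"
             b"aws_secret_access_key = " + b"x" * 40 + b"\n")
    layer_buf = io.BytesIO()
    with tarfile.open(fileobj=layer_buf, mode="w") as layer:
        _add_bytes(layer, "app/main.py", b"print('hello')\n")
        if with_secret:
            _add_bytes(layer, "root/.aws/credentials", creds)
    image_buf = io.BytesIO()
    with tarfile.open(fileobj=image_buf, mode="w") as image:
        _add_bytes(image, "manifest.json",
                   b'[{"Config":"config.json","Layers":["layer1/layer.tar"]}]')
        _add_bytes(image, "config.json", b'{"config":{"Env":["PATH=/usr/local/bin"]}}')
        _add_bytes(image, "layer1/layer.tar", layer_buf.getvalue())
    return image_buf.getvalue()


if __name__ == "__main__":
    # Usage: python scan_image.py image.tar  (no argument: scan the constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            image_bytes = fh.read()
    else:
        image_bytes = build_sample_image()
    hits = scan_image_tar(image_bytes)
    for location, kind in hits:
        print(f"{kind}: {location}")
    sys.exit(1 if hits else 0)
```

Run it in CI right after the image is built and before `docker push`; a non-zero exit blocks the push. Note that it scans each layer on its own, so a secret that was added in one layer and deleted in a later one is still reported, which is exactly the case that bites people: the file is gone from the running container but still present in the public image.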

Technical Details

The first challenge is to get a list of all organizations that publish to the public ECR gallery.

[WIP]

http://public.ecr.aws/