Resources

Research, Knowledge, and Tools

Tools

AWSTRACER

An Anvil CLI utility that will allow you to trace and replay AWS commands.

AWSSIG

Anvil Ventures' Burp extension for signing AWS requests with SigV4.

DAWGMON

Dawg the hallway monitor: monitor operating system changes and analyze introduced attack surface when installing software. See the introductory blogpost

White Papers

Defeating Secure Boot Protections With Symlink and Hard Link Attacks

The white paper demonstrates the use of file systems features of a non-verified partition such as symbolic links (symlinks)  to defeat secure boot protection.