Naikordian

Introduction I saw some vendors have a detection rule about AWS Console brute force login and I was curious if there any AWS console brute force tool. So I start google but found nothing and I think there should be a way to brute force. How does console sign in work? When you click “Sign in” the console will send login data to https://signin.aws.amazon.com/authenticate and return a response if the user enable MFA:

Continue reading 