Made a few formatting changes

content/aws/enumeration/discover_secrets_in_public_aims.md

@@ -4,11 +4,17 @@ title: Discover secrets in public AMIs
 description: How to find public AMIs and get stored secrets.
 ---
 
-## Discover Secrets in Public AMIs
+<div class="grid cards" markdown>
+-   :material-account:{ .lg .middle } __Original Research__
+
+    ---
+
+    [AWS CloudQuarry: Digging for Secrets in Public AMIs](https://securitycafe.ro/2024/05/08/aws-cloudquarry-digging-for-secrets-in-public-amis/) by [Eduard Agavriloae](https://www.linkedin.com/in/eduard-k-agavriloae/) and [Matei Josephs](https://www.linkedin.com/in/matei-anthony-josephs-325ba5199/).
+</div>
 
 For EC2 instances, Amazon Machine Images (AMIs) are crucial as they contain the essential information required to launch instances, including the operating system, configuration files, software, and relevant data. A significant security consideration of these AMIs is that they can be (either accidentally or intentionally) made public, thus accessible for anyone to utilize and potentially exploit.
 
-### Finding Exposed AMIs
+## Finding Exposed AMIs
 
 Many instances of resource exposure (and subsequent exploitation) in AWS necessitate knowing the AMI ID. This offers some level of security-by-obscurity as an attacker needs the AMI ID to exploit the resource.
 
@@ -28,16 +34,12 @@ To launch an instance from a public AMI, follow these steps:
 
 1. **Launch an Instance:**  
 Using the AWS CLI, launch an instance using the desired AMI:
-
 ```bash
 aws ec2 run-instances --image-id <image_id> --instance-type t2.micro --key-name <key-pair>
 
 ```
-
 2. **Access the Instance:**  
-
 Once the instance is running, connect to it using Session Manager or SSH:
-
 ```bash
 ssh -i <your-key-pair>.pem ec2-user@<public-dns-of-instance>
 ```
@@ -47,35 +49,27 @@ ssh -i <your-key-pair>.pem ec2-user@<public-dns-of-instance>
 Manual scanning involves checking common locations where credentials may be stored. Here are some typical command-line operations that can help:
 
 1. **Search for AWS Credentials:**
-
 ```bash
 find / -name "credentials" -type f
 ```
-
 2. **Search for SSH Keys:**
-
 ```bash
 find / -name "id_rsa" -type f
 ```
-
 3. **Look for Configuration Files Containing Sensitive Information:**
-
 Use `grep` to locate keywords such as 'password', 'secret', 'key', etc.
-
 ```bash
 grep -ri 'password\|secret\|key' /path/to/search
 ```
 
-### Automating the Process
+## Automating the Process
 
 While the manual process can be effective for targeted searches, automation provides efficiency and consistency at scale. 
 
 You can write scripts or use specialized tools to automate the detection of sensitive information. Here are some approaches:
 
 1. **Using Bash Scripts:**
-
 Create a script that executes various `find` and `grep` commands. Save this as `scan.sh`:
-
 ```bash
 #!/bin/bash
 # Search for AWS credentials
@@ -87,17 +81,10 @@ find /home -name "id_rsa" -print
 # Search for sensitive information in configuration files
 grep -ri 'password\|secret\|key' /home
 ```
-
 Run the script on each instance:
-
 ```bash
 chmod +x scan.sh
 ./scan.sh
 ```
-
 2. **Using Specialized Tools:**
 Tools like [truffleHog](https://github.com/trufflesecurity/trufflehog) and [gitleaks](https://github.com/gitleaks/gitleaks) can detect sensitive information in codebases and configurations.
-
-### Additional Resources
-
-For an in-depth exploration of public AMIs and associated risks, I highly recommend reading the extensive research article by [Eduard Agavriloae](https://www.linkedin.com/in/eduard-k-agavriloae/) and [Matei Josephs](https://www.linkedin.com/in/matei-anthony-josephs-325ba5199/), which this article draws heavily from. You can find it [here](https://securitycafe.ro/2024/05/08/aws-cloudquarry-digging-for-secrets-in-public-amis/).