Headshot of Scott Weston

Scott Weston

Linkedin

Senior Security Consultant

Scott Weston is a Security Consultant II at NetSPI, and is a remote tester based out of San Diego, CA. He has 2 ½ years of experience in information security with his involvement including web applications and cloud environments, specifically AWS. In his spare time, he enjoys pursuing individual bug bounties and interesting avenues of pentesting.

He can be found on Twitter under the alias @WebbinRoot and has compiled a public list of slides covering a large wealth of AWS knowledge.

More by Scott Weston

Cloud Pentesting

An Introduction to GCPwn – Parts 2 and 3

August 21, 2024

Example exploit path using GCPwn covering enumeration, brute forcing secrets manager versions, and downloading data from cloud storage both through default enum_buckets and with HMAC keys.

Learn More
Cloud Pentesting

An Introduction to GCPwn – Part 1

July 29, 2024

GCPwn is a python-based framework for pentesting GCP environments. While individual exploit scripts exist today for GCP attack vectors, GCPwn seeks to consolidate all these scripts and manage multiple sets of credentials at once (for example, multiple service account keys) all within one framework. With the use of interactive prompts, GCPwn makes enumeration and exploitation

Learn More
Cloud Pentesting

Pivoting Clouds in AWS Organizations – Part 2: Examining AWS Security Features and Tools for Enumeration

March 7, 2023

Explore AWS Organizations security implications and see a demonstration of a new Pacu module created for ease of enumeration. Key insights from AWS pentesting.

Learn More
Cloud Pentesting

Pivoting Clouds in AWS Organizations – Part 1: Leveraging Account Creation, Trusted Access, and Delegated Admin

March 6, 2023

Explore several key points of AWS Organizations theory and learn exploitable opportunities in existing AWS solutions. Key insights from AWS pentesting.

Learn More