[RedTeam] Rotating Source IPs (Part 1) — AWS API Gateway

4 min readJan 7, 2021


During a security engagement, especially for an evasive/covert type of assessment, you might need to hide your traffic as much as possible. Or if the client has implemented some type of IP based blocking, you might need to rotate your source IPs to bypass it to do something like password spraying, web application enumeration, etc. Also, Microsoft is no…


OSWE | OSCE | OSCP | CREST | Lead Offensive Security Engineer — All about Penetration Test, Red Team, Cloud Security, Web Application Security