Within this series, we’ve explored what Amazon allow with regards to service penetration testing. We’ve also looked at a number of the AWS services and how to enumerate and abuse them for further access.
Now that you’ve built your understanding of AWS penetration testing you may want to test your knowledge with our assessment. This is completely free and will just act as a benchmark to see how you’ve progressed, you can find a link below.
AWS Penetration Testing Assessment
Additional Resources
There is a wealth of information available online to help you expand your AWS skill set, to aid in this journey we have provided some of these resources down below.
Flaws.cloud
A step-by-step series of challenges to get hands-on experience enumerating and penetrating AWS network environments.
Rhino Security Labs
Rhino Security Labs specializes in AWS penetration testing with expertise across the large variety of offered AWS services. This technical blog offers a wealth of information relating to AWS penetration testing.
Hacktricks Cloud
Cloud penetration testing methodologies and tricks, ranging from service enumeration to privilege escalation and post-exploitation.
Pacu Wiki
Pacu is an open-source AWS exploitation framework created and maintained by Rhino Security Labs to assist in offensive security testing against cloud environments. The exploitation framework allows penetration testers to exploit configuration flaws within an AWS environment using an extensible collection of modules with a diverse feature set.
AWS
AWS customers are welcome to carry out security assessments or penetration tests of their AWS infrastructure without prior approval for the services listed in the next section under “Permitted Services.” To ensure any testing is fully within scope it’s worth referring to the official documentation.
