In this series, we’ll explore Amazon’s approach towards users testing the security of their AWS services. We’ll explore popular ways to enumerate and take advantage of various AWS services to compromise the target infrastructure further.
Throughout this series some examples will be provided, any identifiable account information has been substituted for sample information.
Here’s a complete overview of the arctil AWS Penetration Testing series;
- AWS Penetration Testing Policy and Scoping
- Introduction
- Prohibited Testing Methods
- Scoping
- AWS Command Line Interface
- Introduction
- Configuring and Usage
- S3 Buckets
- Introduction to S3 Buckets
- Enumerating Public S3 Buckets
- How S3 Manages Public Bucket Access
- Further Bucket Enumeration
- Using AWSBucketDump To Enumerate S3 Buckets
- Uploading To Public S3 Buckets
- Conclusion
- EC2
- Introduction To EC2
- Getting Started With Penetration Testing On An EC2 Instance
- Exploiting The Metadata Service
- Further Web Application Exploitation
- Exploring Snapshots
- Understanding Security Groups
- Identity and Access Management
- Using IAM For Enumeration
- Understanding AWS Policies
- Bruteforcing API Calls Using enumerate-iam and awsenum
- Maintaining Access
- DynamoDB and RDS
- Introduction To DynamoDB
- Introduction To RDS
- Creating And Assigning Security Groups
- Lambda
- Introduction To Lambda
- Lambda Enumeration
- Secrets Manager
- Introduction To Secrets Manager
- Exploring Secrets
- CloudTrail
- Introduction To CloudTrail
- Pacu Exploitation Framework
- Introduction To Pacu
- Getting Started With Pacu
- Service Enumeration Using Pacu Modules
- Privilege Escalation With Pacu
- Lateral Movement And Persistence With Pacu
- Conclusion
- Final Assessment and Additional Resources
