PENTESTING Solutions

AMAZON AWS CLOUD SECURITY (OFFENSIVE)

PENTESTING

• Identifying the AWS Accounts IDs from a Public S3 Bucket : This is a technique that can find an AWS account ID given a public S3 bucket, and how this can be leveraged.

• AWS IAM Enumeration : This is a technique of AWS CLI as well as IAM user, role, group, and policy enumeration.

• AWS S3 Enumeration : This techniques demonstrated one of the most popular AWS services - S3 (Simple Storage Service), and show how attackers can use it to get a foothold and escalate privileges in a cloud environment.

• Pillage Exposed RDS Instances : This technique demonstrates the danger of publicly accessible Amazon Relational Database Service (RDS) instances, and how this can be leveraged by an attacker. Advice on remediation and detection is also included.

• SSRF : This technique showcase how a Server Side Request Forgery (SSRF) vulnerability can potentially be much more severe, when the website is hosted on an EC2 instance.

• Path Traversal to AWS credentials to S3 : This technique showcase how a path traversal vulnerability can result in gaining a foothold in a cloud environment. Path, or directory traversal is also known as a dot-dot-slash attack.

• Loot Public EBS Snapshots : This technique shows about the dangers of public EBS snapshots, and how this can be leveraged by an attacker. Advice on remediation and detection is also included.

• Plunder Public RDS Snapshots : This technique shows about the danger of public Amazon Relational Database Service (RDS) snapshots, and how this can be leveraged by an attacker. Advice on remediation and detection is also included.

• Access Secrets with S3 Bucket Versioning : This technique shows about the potential dangers of S3 bucket versioning, if the admins have not sufficiently restricted who can access them, and about the dangers of inadequate data segregation and storing secrets in plain text fields. Advice on remediation is also included.

• Execute and Identify Credential Abuse in AWS : This technique showcase variety of credential abuse techniques and how they can be detected and mitigated.

• Assume Privileged Role with External ID : This technique showcase the real-world danger of exposed configuration files, and how using production accounts for testing policies can be leveraged to assume a role that has access to secret information.

• Leverage Insecure Storage and Backups for Profit : This technique howcase how backup files on accessible storage can be used to further access within a cloud environment and domain.

• Uncover Secrets in CodeCommit and Docker : This technique howcase a common issue, leaked credentials in Docker images.

• S3 Bucket Brute Force to Breach : This technique shows about the dangers of sensitive data stored on public S3 buckets, and how threat actors can discover them, and gain information that allows them to move laterally and vertically in a cloud environment. Advice on remediation and detection is also included.

• Abuse Cognito User and Identity Pools : This technique showcase how Cognito User and Identity Pool configurations can allow malicious actors to gain a foothold in cloud infrastructure. Also shows how Lambda can be abused to move laterally and vertically in an environment.

• Leverage Leaked Credentials : This technique showcase how leaked secrets can result in a malicious actor pwning a cloud environment and accessing personally identifiable information (PII).

• Secrets in Git Repos : This technique showcase a common issue, leaked credentials in git repositories.

• Secure S3 with Amazon Macie : This technique shows about Amazon Macie, and how to discover sensitive data as well as highlighting buckets that are world-readable and world-writable.​