Book Image

AWS Penetration Testing

By : Jonathan Helmus
Book Image

AWS Penetration Testing

By: Jonathan Helmus

Overview of this book

Cloud security has always been treated as the highest priority by AWS while designing a robust cloud infrastructure. AWS has now extended its support to allow users and security experts to perform penetration tests on its environment. This has not only revealed a number of loopholes and brought vulnerable points in their existing system to the fore, but has also opened up opportunities for organizations to build a secure cloud environment. This book teaches you how to perform penetration tests in a controlled AWS environment. You'll begin by performing security assessments of major AWS resources such as Amazon EC2 instances, Amazon S3, Amazon API Gateway, and AWS Lambda. Throughout the course of this book, you'll also learn about specific tests such as exploiting applications, testing permissions flaws, and discovering weak policies. Moving on, you'll discover how to establish private-cloud access through backdoor Lambda functions. As you advance, you'll explore the no-go areas where users can’t make changes due to vendor restrictions and find out how you can avoid being flagged to AWS in these cases. Finally, this book will take you through tips and tricks for securing your cloud environment in a professional way. By the end of this penetration testing book, you'll have become well-versed in a variety of ethical hacking techniques for securing your AWS environment against modern cyber threats.
Table of Contents (17 chapters)
Section 1: Setting Up AWS and Pentesting Environments
Section 2: Pentesting the Cloud – Exploiting AWS
Section 3: Lessons Learned – Report Writing, Staying within Scope, and Continued Learning

Bucket policies and ACLs

Bucket policies and access control lists (ACLs) are used for access control – acting as the front line to allow and deny access to S3 resources in your AWS environment. Both ACL and buckets use JSON or YAML to write out their policies, which can make things difficult or easy, depending on how you look at it.

Now let's move forward as we take a look at how these policies are created!

Public bucket policies

When pentesting S3, one of the first things you'll want to do is look and see what the policies are for an S3 bucket. The following takes a look at a simple bucket policy that we'll create and how we can start interacting with buckets based on that policy.

Follow these steps to create a bucket and then list out its policy:

  1. Go to the S3 bucket page and click on the bucket that we created.
  2. Next, click on the Permissions tab.
  3. Ensure that you have everything unchecked on Block all public access:

    Figure 4.13...