Book Image

Hands-On AWS Penetration Testing with Kali Linux

By : Karl Gilbert, Benjamin Caudill
Book Image

Hands-On AWS Penetration Testing with Kali Linux

By: Karl Gilbert, Benjamin Caudill

Overview of this book

The cloud is taking over the IT industry. Any organization housing a large amount of data or a large infrastructure has started moving cloud-ward — and AWS rules the roost when it comes to cloud service providers, with its closest competitor having less than half of its market share. This highlights the importance of security on the cloud, especially on AWS. While a lot has been said (and written) about how cloud environments can be secured, performing external security assessments in the form of pentests on AWS is still seen as a dark art. This book aims to help pentesters as well as seasoned system administrators with a hands-on approach to pentesting the various cloud services provided by Amazon through AWS using Kali Linux. To make things easier for novice pentesters, the book focuses on building a practice lab and refining penetration testing with Kali Linux on the cloud. This is helpful not only for beginners but also for pentesters who want to set up a pentesting environment in their private cloud, using Kali Linux to perform a white-box assessment of their own cloud resources. Besides this, the book covers a large variety of AWS services that are often overlooked during a pentest — from serverless infrastructure to automated deployment pipelines. By the end of this book, you will be able to identify possible vulnerable areas efficiently and secure your AWS cloud environment.
Table of Contents (28 chapters)
Free Chapter
1
Section 1: Kali Linux on AWS
5
Section 2: Pentesting AWS Elastic Compute Cloud Configuring and Securing
9
Section 3: Pentesting AWS Simple Storage Service Configuring and Securing
12
Section 4: AWS Identity Access Management Configuring and Securing
16
Section 5: Penetration Testing on Other AWS Services
20
Section 6: Attacking AWS Logging and Security Services
23
Section 7: Leveraging AWS Pentesting Tools for Real-World Attacks

Targeting Other Services

AWS offers a wide variety of services and they are constantly updating those services, along with releasing new ones. There are so many that it would be impossible to cover them all in this book, but this chapter aims to cover a few less mainstream services and how they can be abused for our benefit as an attacker.

It is important to note that every single AWS service has the potential for some sort of exploitation when looking at it like an attacker, and that just because it is not covered in this book, it doesn't mean you shouldn't investigate it. There are a variety of security problems that can arise in every service, so the best thing to do is to look at a service and determine how it would be used in the real world, then look for common mistakes, insecure defaults, or just bad practices that are followed to benefit yourself.

The four different...