In this chapter, we covered setting up a CloudTrail Event that follows best practices where possible, and also how to audit for the best practices in a target environment. CloudTrail is not a perfect service, and we have demonstrated that through the use of services that it does not support it is possible to perform reconnaissance in an account without ever generating any logs. For this reason, it is useful to keep track of what services are unsupported in CloudTrail so that you can exploit them as they are released while in a target environment, without every showing up in the logs. Cross-account enumeration methods also allow us to discover information about our target account without generating logs (in the target account), meaning that we can get an understanding of who uses the environment and what is used in the environment without making API calls with the compromised...
Hands-On AWS Penetration Testing with Kali Linux
By :
Hands-On AWS Penetration Testing with Kali Linux
By:
Overview of this book
The cloud is taking over the IT industry. Any organization housing a large amount of data or a large infrastructure has started moving cloud-ward — and AWS rules the roost when it comes to cloud service providers, with its closest competitor having less than half of its market share. This highlights the importance of security on the cloud, especially on AWS. While a lot has been said (and written) about how cloud environments can be secured, performing external security assessments in the form of pentests on AWS is still seen as a dark art.
This book aims to help pentesters as well as seasoned system administrators with a hands-on approach to pentesting the various cloud services provided by Amazon through AWS using Kali Linux. To make things easier for novice pentesters, the book focuses on building a practice lab and refining penetration testing with Kali Linux on the cloud. This is helpful not only for beginners but also for pentesters who want to set up a pentesting environment in their private cloud, using Kali Linux to perform a white-box assessment of their own cloud resources. Besides this, the book covers a large variety of AWS services that are often overlooked during a pentest — from serverless infrastructure to automated deployment pipelines.
By the end of this book, you will be able to identify possible vulnerable areas efficiently and secure your AWS cloud environment.
Related Content you might be interested in
Current Title:
Hands-On AWS Penetration Testing with Kali Linux
Table of Contents (28 chapters)
Preface
Setting Up a Pentesting Lab on AWS
Setting Up a Kali PentestBox on the Cloud
Exploitation on the Cloud using Kali Linux
Section 2: Pentesting AWS Elastic Compute Cloud Configuring and Securing
Setting Up Your First EC2 Instances
Penetration Testing of EC2 Instances using Kali Linux
Elastic Block Stores and Snapshots - Retrieving Deleted Data
Section 3: Pentesting AWS Simple Storage Service Configuring and Securing
Reconnaissance - Identifying Vulnerable S3 Buckets
Exploiting Permissive S3 Buckets for Fun and Profit
Section 4: AWS Identity Access Management Configuring and Securing
Identity Access Management on AWS
Privilege Escalation of AWS Accounts Using Stolen Keys, Boto3, and Pacu
Using Boto3 and Pacu to Maintain AWS Persistence
Section 5: Penetration Testing on Other AWS Services
Security and Pentesting of AWS Lambda
Pentesting and Securing AWS RDS
Targeting Other Services
Section 6: Attacking AWS Logging and Security Services
Pentesting CloudTrail
GuardDuty
Section 7: Leveraging AWS Pentesting Tools for Real-World Attacks
Using Scout Suite for AWS Security Auditing
Using Pacu for AWS Pentesting
Putting it All Together - Real - World AWS Pentesting
Other Books You May Enjoy
Customer Reviews