You're reading from AWS Penetration Testing Beginner's guide to hacking AWS with tools such as Kali Linux, Metasploit, and Nmap

Product type Paperback

Published in Dec 2020

Publisher Packt

ISBN-13 9781839216923

Length 330 pages

Edition 1st Edition

Languages

Tools

AWS

Concepts

Cloud Security

Author (1):

Jonathan Helmus

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Setting Up AWS and Pentesting Environments

2. Chapter 1: Building Your AWS Environment FREE CHAPTER

3. Chapter 2: Pentesting and Ethical Hacking

4. Section 2: Pentesting the Cloud – Exploiting AWS

5. Chapter 3: Exploring Pentesting and AWS

6. Chapter 4: Exploiting S3 Buckets

7. Chapter 5: Understanding Vulnerable RDS Services

8. Chapter 6: Setting Up and Pentesting AWS Aurora RDS

9. Chapter 7: Assessing and Pentesting Lambda Services

10. Chapter 8: Assessing AWS API Gateway

11. Chapter 9: Real-Life Pentesting with Metasploit and More!

12. Section 3: Lessons Learned – Report Writing, Staying within Scope, and Continued Learning

13. Chapter 10: Pentesting Best Practices

14. Chapter 11: Staying Out of Trouble

15. Chapter 12: Other Projects with AWS

16. Other Books You May Enjoy

Leave a review - let other readers know what you think

White box/functional pentesting Aurora

Just as we did before with RDS, we are going to look and see what we can find out about Aurora from a pentesting point of view. We know the environment since we set it up, but for the sake of the next exercise, let's say we are pentesting an Aurora instance. This test involves looking at whether the instance is accessible by the public, how strong the password field is, and anything else we may be able to do while looking at the instance.

The reason we want to do this is to expose the white box pentesting methodology in as many cases as possible. White box pentesting is the most common pentesting methodology because it allows pentesters to fully pentest everything for both functional purposes and compliance purposes. We are going to apply this to our Aurora instance.

Our engagement starts off with scanning the Aurora instance. Remember, we don't know anything except the address of the instance!