Testing and hacking our first vulnerable environment
In this section, we’ll try to emulate how an attacker might behave when trying to hack our vulnerable S3 bucket. Attackers might use a specialized set of automated tools, but we should do just fine without those tools in this chapter.
Inspecting and verifying the S3 bucket’s security
We will start by verifying the security configuration of the S3 bucket we created using a series of manual checks.
Important note
It is unethical and illegal to attack cloud resources owned by another user or company. Before we start, make sure you read the Examining the considerations when building penetration testing lab environments in the cloud section of Chapter 1, Getting Started with Penetration Testing Labs in the Cloud, since we will be simulating the attack process to validate whether the misconfigurations and vulnerabilities and present are exploitable.
With that out of the way, we can proceed with testing and...
