Enumerating and understanding AWS services
Enumeration is the process of gathering information that gives you valuable characteristics about a target during the recon of a target. Enumeration involves performing reconnaissance and scanning your targets. This means getting information about services, domain names, ports, and so on. While we have been performing enumeration by gathering open source information, let's take a quick look at some of the AWS services that we may target or encounter during an AWS pentest. Discussing these services allows us to understand more about our targets before we begin exploiting them.
Important note
For more information on enumeration, check out the penetration testing standard: http://www.pentest-standard.org/.
S3 buckets and discovering open buckets with web apps
S3 buckets are a great resource provided by AWS. S3 buckets act as "containers" that allow users to store objects, or data, in them that can be retrieved at any...
