Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Hands-On AWS Penetration Testing with Kali Linux Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and CloudFormation

Product type Paperback

Published in Apr 2019

Publisher Packt

ISBN-13 9781789136722

Length 508 pages

Edition 1st Edition

Tools

AWS

Concepts

Penetration Testing

Authors (2):

Benjamin Caudill

Karl Gilbert Gupta

View More author details

Table of Contents (28) Chapters

Preface

1. Section 1: Kali Linux on AWS FREE CHAPTER

2. Setting Up a Pentesting Lab on AWS

3. Setting Up a Kali PentestBox on the Cloud

4. Exploitation on the Cloud using Kali Linux

5. Section 2: Pentesting AWS Elastic Compute Cloud Configuring and Securing

6. Setting Up Your First EC2 Instances

7. Penetration Testing of EC2 Instances using Kali Linux

8. Elastic Block Stores and Snapshots - Retrieving Deleted Data

9. Section 3: Pentesting AWS Simple Storage Service Configuring and Securing

10. Reconnaissance - Identifying Vulnerable S3 Buckets

11. Exploiting Permissive S3 Buckets for Fun and Profit

12. Section 4: AWS Identity Access Management Configuring and Securing

13. Identity Access Management on AWS

14. Privilege Escalation of AWS Accounts Using Stolen Keys, Boto3, and Pacu

15. Using Boto3 and Pacu to Maintain AWS Persistence

16. Section 5: Penetration Testing on Other AWS Services

17. Security and Pentesting of AWS Lambda

18. Pentesting and Securing AWS RDS

19. Targeting Other Services

20. Section 6: Attacking AWS Logging and Security Services

21. Pentesting CloudTrail

22. GuardDuty

23. Section 7: Leveraging AWS Pentesting Tools for Real-World Attacks

24. Using Scout Suite for AWS Security Auditing

25. Using Pacu for AWS Pentesting

26. Putting it All Together - Real - World AWS Pentesting

27. Other Books You May Enjoy

Leave a review - let other readers know what you think

More about CloudTrail

Although CloudTrail is meant to be the central logging source for an AWS account, the way that it is built leaves some undesirable risks out in the open as new AWS services are being developed. The team working at AWS that is creating a new service must create the CloudTrail integration with their service to allow its API calls to be logged to CloudTrail. Also, because of how fast AWS pushes out new services and functionality, there are many services that get released without any support for CloudTrail. That list can be found here: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-unsupported-aws-services.html. Later in this chapter, we will dive into abusing unsupported services for our advantage as an attacker, as any API call that doesn't get logged to CloudTrail can do wonders for us as attackers.

CloudTrail is also not the only...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (2)

Karl Gilbert Gupta

Karl Gilbert is a security researcher who has contributed to the security of some widely used open-source software. His primary interests relate to vulnerability research, 0-days, cloud security, secure DevOps, and CI/CD.

See other products by Karl Gilbert Gupta

Benjamin Caudill

Benjamin Caudill is a security researcher and founder of pentesting firm Rhino Security Labs. Built on 10+ years of offensive security experience, Benjamin directed the company with research and development as its foundation, into a key resource for high-needs clients. Benjamin has also been a major contributor to AWS security research. With co-researcher Spencer Gietzen, the two have developed Pacu (the AWS exploitation framework) and identified dozens of new attack vectors in cloud architecture. Both GCP and Azure research are expected throughout 2019. As a regular contributor to the security industry, Benjamin been featured on CNN, Wired, Washington Post, and other major media outlets.

See other products by Benjamin Caudill