You're reading from AWS Penetration Testing Beginner's guide to hacking AWS with tools such as Kali Linux, Metasploit, and Nmap

Product type Paperback

Published in Dec 2020

Publisher Packt

ISBN-13 9781839216923

Length 330 pages

Edition 1st Edition

Languages

Tools

AWS

Concepts

Cloud Security

Author (1):

Jonathan Helmus

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Setting Up AWS and Pentesting Environments

2. Chapter 1: Building Your AWS Environment FREE CHAPTER

3. Chapter 2: Pentesting and Ethical Hacking

4. Section 2: Pentesting the Cloud – Exploiting AWS

5. Chapter 3: Exploring Pentesting and AWS

6. Chapter 4: Exploiting S3 Buckets

7. Chapter 5: Understanding Vulnerable RDS Services

8. Chapter 6: Setting Up and Pentesting AWS Aurora RDS

9. Chapter 7: Assessing and Pentesting Lambda Services

10. Chapter 8: Assessing AWS API Gateway

11. Chapter 9: Real-Life Pentesting with Metasploit and More!

12. Section 3: Lessons Learned – Report Writing, Staying within Scope, and Continued Learning

13. Chapter 10: Pentesting Best Practices

14. Chapter 11: Staying Out of Trouble

15. Chapter 12: Other Projects with AWS

16. Other Books You May Enjoy

Leave a review - let other readers know what you think

Avoiding legal issues

As we have seen throughout this book, pentesting can be very intrusive and at times can even be very dangerous if your team doesn't fully understand what is within the scope of the pentest, and can lead to fines or even actions that would be considered illegal under the Computer Fraud and Abuse Act (CFAA). Depending on who and what the pentest team is testing, you could also be breaking other laws, such as federal and state laws; however, that would depend on each pentest.

This all being said, let's take a quick look at how we can stay out of trouble with both the law and our clients.

Get-out-of-jail-free card

This is one of the most significant fundamental factors in ensuring that you stay out of any legal conflict during a pentest. The get-out-of-jail-free card is essentially a piece of paper stating that a pentest team is authorized to pentest the target organization – however, it should also annotate WHAT, WHERE...