Hands-On AWS Penetration Testing with Kali Linux: Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and CloudFormation

Setting up a vulnerable Ubuntu instance

Setting up a vulnerable Windows instance

Configuring security groups within the lab

Setting Up a Kali PentestBox on the Cloud

Setting up Kali Linux on AWS EC2

Configuring OpenSSH for remote SSH access

Setting up Guacamole for remote access

Questions

Exploitation on the Cloud using Kali Linux

Configuring and running Nessus

Exploiting a vulnerable Linux VM

Exploiting a vulnerable Windows VM

Questions

Section 2: Pentesting AWS Elastic Compute Cloud Configuring and Securing

Setting Up Your First EC2 Instances

Setting Up Ubuntu on AWS EC2

Configuring VPC settings

Storage types that are used in EC2 instances

Configuring firewall settings

Configuring EC2 authentication

Penetration Testing of EC2 Instances using Kali Linux

Installing a vulnerable service on Windows

Scanning and reconnaissance using Nmap

Identifying and fingerprinting open ports and services using Nmap

Performing an automated vulnerability assessment using Nexpose

Using Metasploit for automated exploitation

Using Meterpreter for privilege escalation, pivoting, and persistence

Elastic Block Stores and Snapshots - Retrieving Deleted Data

Creating, attaching, and detaching new EBS volumes from EC2 instances

Extracting deleted data from EBS volumes

Full disk encryption on EBS volumes

Setting up your first S3 bucket

Section 3: Pentesting AWS Simple Storage Service Configuring and Securing

Reconnaissance - Identifying Vulnerable S3 Buckets

S3 permissions and the access API

Creating a vulnerable S3 bucket

Extracting sensitive data from exposed S3 buckets

Exploiting Permissive S3 Buckets for Fun and Profit

Injecting malicious code into S3 buckets

Backdooring S3 buckets for persistent access

Creating IAM users, groups, roles, and associated privileges

Section 4: AWS Identity Access Management Configuring and Securing

Identity Access Management on AWS

Limit API actions and accessible resources with IAM policies

Using IAM access keys

Signing AWS API requests manually

The importance of permissions enumeration

Privilege Escalation of AWS Accounts Using Stolen Keys, Boto3, and Pacu

Using the boto3 library for reconnaissance

Dumping all the account information

Permission enumeration with compromised AWS keys

Privilege escalation and gathering credentials using Pacu

Backdooring role trust relationships

Using Boto3 and Pacu to Maintain AWS Persistence

Backdooring users

Backdooring EC2 Security Groups

Using Lambda functions as persistent watchdogs

Setting up a vulnerable Lambda function

Section 5: Penetration Testing on Other AWS Services

Security and Pentesting of AWS Lambda

Attacking Lambda functions with read access

Attacking Lambda functions with read and write access

Pivoting into Virtual Private Clouds

Pentesting and Securing AWS RDS

Setting up a vulnerable RDS instance

Connecting an RDS instance to WordPress on EC2

Identifying and enumerating exposed RDS instances using Nmap

Exploitation and data extraction from a vulnerable RDS instance

Simple Email Service (SES)

Targeting Other Services

Route 53

Attacking all of CloudFormation

Elastic Container Registry (ECR)

Setup, best practices, and auditing

Section 6: Attacking AWS Logging and Security Services

Pentesting CloudTrail

More about CloudTrail

GuardDuty

An introduction to GuardDuty and its findings

Alerting about and reacting to GuardDuty findings

Bypassing GuardDuty

Section 7: Leveraging AWS Pentesting Tools for Real-World Attacks

Using Scout Suite for AWS Security Auditing

Setting up a vulnerable AWS infrastructure

Configuring and running Scout Suite

Parsing the results of a Scout Suite scan

Using Scout Suite's rules

Getting started with Pacu

Using Pacu for AWS Pentesting

Pacu history

Pacu commands

Creating a new module

An introduction to PacuProxy

Unauthenticated reconnaissance

Putting it All Together - Real - World AWS Pentesting

Pentest kickoff

Authenticated reconnaissance plus permissions enumeration

Privilege escalation

Persistence

Post-exploitation

Auditing for compliance and best practices