Creating attack paths
An attack path involves using information gathered from your target to make a "story" or "scenario" on how you or an actual threat could leverage that information to exploit the target system or application. There are frameworks on the net that allow you to get an idea of attack paths from actual previous events.
Tip
While it's a little off course for this book, I would highly recommend looking at the MITRE ATT&CK framework for more information: https://attack.mitre.org/.
With various attack scenarios, comes different ways to pentest. Some scenarios require a holistic approach, and some are more goal-oriented. It's important to understand what information you will need to know before even beginning to scan and attempting to connect to any AWS appliance, or even before testing! Some clients may have a more natural approach, while others will have a direct target they want you to attack and attempt to exploit.
