You're reading from AWS Penetration Testing Beginner's guide to hacking AWS with tools such as Kali Linux, Metasploit, and Nmap

Product type Paperback

Published in Dec 2020

Publisher Packt

ISBN-13 9781839216923

Length 330 pages

Edition 1st Edition

Languages

Tools

AWS

Concepts

Cloud Security

Author (1):

Jonathan Helmus

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Setting Up AWS and Pentesting Environments

2. Chapter 1: Building Your AWS Environment FREE CHAPTER

3. Chapter 2: Pentesting and Ethical Hacking

4. Section 2: Pentesting the Cloud – Exploiting AWS

5. Chapter 3: Exploring Pentesting and AWS

6. Chapter 4: Exploiting S3 Buckets

7. Chapter 5: Understanding Vulnerable RDS Services

8. Chapter 6: Setting Up and Pentesting AWS Aurora RDS

9. Chapter 7: Assessing and Pentesting Lambda Services

10. Chapter 8: Assessing AWS API Gateway

11. Chapter 9: Real-Life Pentesting with Metasploit and More!

12. Section 3: Lessons Learned – Report Writing, Staying within Scope, and Continued Learning

13. Chapter 10: Pentesting Best Practices

14. Chapter 11: Staying Out of Trouble

15. Chapter 12: Other Projects with AWS

16. Other Books You May Enjoy

Leave a review - let other readers know what you think

Targeting vulnerable service applications

Vulnerable services are one of the worst things that can be part of your environment and one of the easiest, but not always the cheapest, things to fix. As applications get older, so does the code used to build the application, and while time advances, so do the vulnerabilities of the older application. Unfortunately, while simply patching or updating old software sounds easy, it's actually quite expensive and time-consuming. Updating an application can take copious amounts of time and bring down the service the application uses to function. This means a loss in revenue and usability.

In this next scenario, we will see the real damage produced by a vulnerable application on a network with AWS.

The scenario – discovering and attacking any low-hanging fruit

In this scenario, the client has requested a pentest for what they suspect to be a vulnerable application. This application is currently being hosted within its AWS...