Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Hands-On AWS Penetration Testing with Kali Linux Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and CloudFormation

Product type Paperback

Published in Apr 2019

Publisher Packt

ISBN-13 9781789136722

Length 508 pages

Edition 1st Edition

Tools

AWS

Concepts

Penetration Testing

Authors (2):

Benjamin Caudill

Karl Gilbert Gupta

View More author details

Table of Contents (28) Chapters

Preface

1. Section 1: Kali Linux on AWS FREE CHAPTER

2. Setting Up a Pentesting Lab on AWS

3. Setting Up a Kali PentestBox on the Cloud

4. Exploitation on the Cloud using Kali Linux

5. Section 2: Pentesting AWS Elastic Compute Cloud Configuring and Securing

6. Setting Up Your First EC2 Instances

7. Penetration Testing of EC2 Instances using Kali Linux

8. Elastic Block Stores and Snapshots - Retrieving Deleted Data

9. Section 3: Pentesting AWS Simple Storage Service Configuring and Securing

10. Reconnaissance - Identifying Vulnerable S3 Buckets

11. Exploiting Permissive S3 Buckets for Fun and Profit

12. Section 4: AWS Identity Access Management Configuring and Securing

13. Identity Access Management on AWS

14. Privilege Escalation of AWS Accounts Using Stolen Keys, Boto3, and Pacu

15. Using Boto3 and Pacu to Maintain AWS Persistence

16. Section 5: Penetration Testing on Other AWS Services

17. Security and Pentesting of AWS Lambda

18. Pentesting and Securing AWS RDS

19. Targeting Other Services

20. Section 6: Attacking AWS Logging and Security Services

21. Pentesting CloudTrail

22. GuardDuty

23. Section 7: Leveraging AWS Pentesting Tools for Real-World Attacks

24. Using Scout Suite for AWS Security Auditing

25. Using Pacu for AWS Pentesting

26. Putting it All Together - Real - World AWS Pentesting

27. Other Books You May Enjoy

Leave a review - let other readers know what you think

Using Scout Suite's rules

Scout Suite provides us with an option to audit an infrastructure using a custom ruleset instead of its default ruleset. This is very useful as each organization has its own business case in mind while setting up an AWS infrastructure. Using custom rulesets can help organizations customize the tool's assessments according to their needs.

Let's take a look at how we can create our own ruleset:

To create a new ruleset, we first need to make a copy of the existing ruleset. You can find the default ruleset file in the GitHub repository at https://github.com/nccgroup/ScoutSuite/blob/master/ScoutSuite/providers/aws/rules/rulesets/detailed.json. The reason we are doing this is to ensure that we have the correct format of the ruleset from which we can build our own rules.
Download the file and open it in a text editor, as shown in the following...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (2)

Karl Gilbert Gupta

Karl Gilbert is a security researcher who has contributed to the security of some widely used open-source software. His primary interests relate to vulnerability research, 0-days, cloud security, secure DevOps, and CI/CD.

See other products by Karl Gilbert Gupta

Benjamin Caudill

Benjamin Caudill is a security researcher and founder of pentesting firm Rhino Security Labs. Built on 10+ years of offensive security experience, Benjamin directed the company with research and development as its foundation, into a key resource for high-needs clients. Benjamin has also been a major contributor to AWS security research. With co-researcher Spencer Gietzen, the two have developed Pacu (the AWS exploitation framework) and identified dozens of new attack vectors in cloud architecture. Both GCP and Azure research are expected throughout 2019. As a regular contributor to the security industry, Benjamin been featured on CNN, Wired, Washington Post, and other major media outlets.

See other products by Benjamin Caudill