Goal-based pentesting scenarios
Let's now move on to some scenarios that are relatively common when pentesting S3 in a real-life environment. This may not look like typical "pentesting," because AWS pentesting does not follow a typical pentesting methodology, but it still serves the mission of finding issues and leveraging them to your advantage. Goal-based pentesting means testing a target with a specific "goal" in mind. In this case, we are looking for issues and mishaps that may exist in an S3 bucket. Organizations often want to know how vulnerable a specific resource is and how the path leading to that vulnerability could be exploited.
For this example, we will look at how an unsecured bucket allows us to delete an important document and then upload a document with the same name. We will be using an "assumed model," meaning that we already have some type of access to the system. Before we walk through the exercise...