Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Hands-On AWS Penetration Testing with Kali Linux Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and CloudFormation

Product type Paperback

Published in Apr 2019

Publisher Packt

ISBN-13 9781789136722

Length 508 pages

Edition 1st Edition

Tools

AWS

Concepts

Penetration Testing

Authors (2):

Benjamin Caudill

Karl Gilbert Gupta

View More author details

Table of Contents (28) Chapters

Preface

1. Section 1: Kali Linux on AWS FREE CHAPTER

2. Setting Up a Pentesting Lab on AWS

3. Setting Up a Kali PentestBox on the Cloud

4. Exploitation on the Cloud using Kali Linux

5. Section 2: Pentesting AWS Elastic Compute Cloud Configuring and Securing

6. Setting Up Your First EC2 Instances

7. Penetration Testing of EC2 Instances using Kali Linux

8. Elastic Block Stores and Snapshots - Retrieving Deleted Data

9. Section 3: Pentesting AWS Simple Storage Service Configuring and Securing

10. Reconnaissance - Identifying Vulnerable S3 Buckets

11. Exploiting Permissive S3 Buckets for Fun and Profit

12. Section 4: AWS Identity Access Management Configuring and Securing

13. Identity Access Management on AWS

14. Privilege Escalation of AWS Accounts Using Stolen Keys, Boto3, and Pacu

15. Using Boto3 and Pacu to Maintain AWS Persistence

16. Section 5: Penetration Testing on Other AWS Services

17. Security and Pentesting of AWS Lambda

18. Pentesting and Securing AWS RDS

19. Targeting Other Services

20. Section 6: Attacking AWS Logging and Security Services

21. Pentesting CloudTrail

22. GuardDuty

23. Section 7: Leveraging AWS Pentesting Tools for Real-World Attacks

24. Using Scout Suite for AWS Security Auditing

25. Using Pacu for AWS Pentesting

26. Putting it All Together - Real - World AWS Pentesting

27. Other Books You May Enjoy

Leave a review - let other readers know what you think

Identifying and fingerprinting open ports and services using Nmap

Continuing from the previous section, we will now scan a host for open ports and then try to identify services running on our target. For this exercise, we will be using the Nmap SYN scan -sS flag. This is the default and most popularly-used scanning technique. Why? It's because the scan is quick and can be performed without any hampering by the firewall. The scan is also stealthy as it does not complete the TCP handshake. The scan can produce distinct and accurate results between open, closed, and filtered ports. So how does this scan work? Let's take a look.

The SYN scan uses a half-open TCP connection to determine whether the port is open or closed. The SYN scan process can be visualized by the following diagram:

Each port scan starts with Nmap sending a SYN packet to the designated port. If the port...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (2)

Karl Gilbert Gupta

Karl Gilbert is a security researcher who has contributed to the security of some widely used open-source software. His primary interests relate to vulnerability research, 0-days, cloud security, secure DevOps, and CI/CD.

See other products by Karl Gilbert Gupta

Benjamin Caudill

Benjamin Caudill is a security researcher and founder of pentesting firm Rhino Security Labs. Built on 10+ years of offensive security experience, Benjamin directed the company with research and development as its foundation, into a key resource for high-needs clients. Benjamin has also been a major contributor to AWS security research. With co-researcher Spencer Gietzen, the two have developed Pacu (the AWS exploitation framework) and identified dozens of new attack vectors in cloud architecture. Both GCP and Azure research are expected throughout 2019. As a regular contributor to the security industry, Benjamin been featured on CNN, Wired, Washington Post, and other major media outlets.

See other products by Benjamin Caudill