Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Hands-On AWS Penetration Testing with Kali Linux Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and CloudFormation

Product type Paperback

Published in Apr 2019

Publisher Packt

ISBN-13 9781789136722

Length 508 pages

Edition 1st Edition

Tools

AWS

Concepts

Penetration Testing

Authors (2):

Benjamin Caudill

Karl Gilbert Gupta

View More author details

Table of Contents (28) Chapters

Preface

1. Section 1: Kali Linux on AWS FREE CHAPTER

2. Setting Up a Pentesting Lab on AWS

3. Setting Up a Kali PentestBox on the Cloud

4. Exploitation on the Cloud using Kali Linux

5. Section 2: Pentesting AWS Elastic Compute Cloud Configuring and Securing

6. Setting Up Your First EC2 Instances

7. Penetration Testing of EC2 Instances using Kali Linux

8. Elastic Block Stores and Snapshots - Retrieving Deleted Data

9. Section 3: Pentesting AWS Simple Storage Service Configuring and Securing

10. Reconnaissance - Identifying Vulnerable S3 Buckets

11. Exploiting Permissive S3 Buckets for Fun and Profit

12. Section 4: AWS Identity Access Management Configuring and Securing

13. Identity Access Management on AWS

14. Privilege Escalation of AWS Accounts Using Stolen Keys, Boto3, and Pacu

15. Using Boto3 and Pacu to Maintain AWS Persistence

16. Section 5: Penetration Testing on Other AWS Services

17. Security and Pentesting of AWS Lambda

18. Pentesting and Securing AWS RDS

19. Targeting Other Services

20. Section 6: Attacking AWS Logging and Security Services

21. Pentesting CloudTrail

22. GuardDuty

23. Section 7: Leveraging AWS Pentesting Tools for Real-World Attacks

24. Using Scout Suite for AWS Security Auditing

25. Using Pacu for AWS Pentesting

26. Putting it All Together - Real - World AWS Pentesting

27. Other Books You May Enjoy

Leave a review - let other readers know what you think

Extracting deleted data from EBS volumes

In our next activity, we will learn how to attach volumes to our Kali machine and then use forensics to recover the deleted data. Before we dive into a hands-on exercise, let's understand what forensics is and how data recovery works.

Forensic Data Analysis (FDA) comes under the umbrella of Digital Forensics, and is the method of recovering and analysing data to gain an insight into how the data was created, and to acquire digital dust in the cases of cyber crime and fraud. Data recovery can be performed on a range of devices including mobile devices, storage devices, and servers. The techniques involved include data decryption, and reverse engineering binaries analysis of logs.

When it comes to data recovery, we face two types of data; namely, persistent data (which is written to a drive and is easily accessible) and volatile data...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (2)

Karl Gilbert Gupta

Karl Gilbert is a security researcher who has contributed to the security of some widely used open-source software. His primary interests relate to vulnerability research, 0-days, cloud security, secure DevOps, and CI/CD.

See other products by Karl Gilbert Gupta

Benjamin Caudill

Benjamin Caudill is a security researcher and founder of pentesting firm Rhino Security Labs. Built on 10+ years of offensive security experience, Benjamin directed the company with research and development as its foundation, into a key resource for high-needs clients. Benjamin has also been a major contributor to AWS security research. With co-researcher Spencer Gietzen, the two have developed Pacu (the AWS exploitation framework) and identified dozens of new attack vectors in cloud architecture. Both GCP and Azure research are expected throughout 2019. As a regular contributor to the security industry, Benjamin been featured on CNN, Wired, Washington Post, and other major media outlets.

See other products by Benjamin Caudill