You're reading from AWS Penetration Testing Beginner's guide to hacking AWS with tools such as Kali Linux, Metasploit, and Nmap

Product type Paperback

Published in Dec 2020

Publisher Packt

ISBN-13 9781839216923

Length 330 pages

Edition 1st Edition

Languages

Tools

AWS

Concepts

Cloud Security

Author (1):

Jonathan Helmus

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Setting Up AWS and Pentesting Environments

2. Chapter 1: Building Your AWS Environment FREE CHAPTER

3. Chapter 2: Pentesting and Ethical Hacking

4. Section 2: Pentesting the Cloud – Exploiting AWS

5. Chapter 3: Exploring Pentesting and AWS

6. Chapter 4: Exploiting S3 Buckets

7. Chapter 5: Understanding Vulnerable RDS Services

8. Chapter 6: Setting Up and Pentesting AWS Aurora RDS

9. Chapter 7: Assessing and Pentesting Lambda Services

10. Chapter 8: Assessing AWS API Gateway

11. Chapter 9: Real-Life Pentesting with Metasploit and More!

12. Section 3: Lessons Learned – Report Writing, Staying within Scope, and Continued Learning

13. Chapter 10: Pentesting Best Practices

14. Chapter 11: Staying Out of Trouble

15. Chapter 12: Other Projects with AWS

16. Other Books You May Enjoy

Leave a review - let other readers know what you think

Knowing the attacker

Say you are on a pentesting assignment, and your client asks you to test their systems. There are a couple of ways we can do this. We can do it from an outsider perspective, or from an insider perspective. Both offer the client a different return of results and return on investment based on the client's business needs. Let's take a quick look at what exactly an insider and an outsider are.

Insiders

The more common request will be from an insider perspective. Insiders are considered employees or someone with access to the client's systems. This means you, the tester, would be given the information needed to connect to the AWS environment. You'll be given an account ID and credentials to access the cloud environment, and from there can let your scripts run to find issues in S3.

Often, white-box pentesting will be combined with an insider perspective. What that translates into is the client needs the pentesting firm to check for anything...