Exploiting AWS Services
EC2
Setting up your EC2 instance
storage types
configuring VPC settings
configuring firewall settings
configuring EC2 authentication
Setting up Kali Linux in the cloud
Penetration testing of EC2 instances
EBS and snapshots
Extracting deleted data for fun
creating, attaching and detaching new EBS volumes
Full Disk Encryption on EBS Volumes
S3
creating a vulnerable s3 bucket
understanding s3 permissions
exploiting overly permissive s3 buckets
extracting sensitive information
injecting malicious code in s3 buckets
backdooring s3 buckets
IAM
What is IAM?
creating IAM users, groups and roles and associated privileges
using AWS access keys (AWS CLI)
Privilege escalation using stolen keys, boto3 and pacu
using boto3 and pacu for persistence
backdooring users
backdooring role trust relationships
Backdooring EC2 Security Groups
using lambda functions as watchdogs
lambda
setting up a vulnerable lambda function
what are lambda functions?
setting up a vulnerable lambda function
attacking lambda functions with read access
attacking lambda functions with read/write access?
pivoting
RDS
setting up a vulnerable RDS instance
exploitation
more research
other services
route 53
SES
cloud formation
ECR
attacking logging and security services
cloud trail
guard duty
auditing AWS
scout suite
setup
fine tune scout suite settings
importing scout suite findings to limb
exploiting using pacu (open source tool)
demo or screenshots
putting it all together