AWS Penetration Testing

Book description

Get to grips with security assessment, vulnerability exploitation, workload security, and encryption with this guide to ethical hacking, and learn to secure your AWS environment.

Key Features

  • Perform cybersecurity events such as red or blue team activities and functional testing
  • Gain an overview and understanding of AWS penetration testing and security
  • Make the most of your AWS cloud infrastructure by learning about AWS fundamentals and exploring pentesting best practices

Book Description

Cloud security has always been treated as the highest priority by AWS while designing a robust cloud infrastructure. AWS has now extended its support to allow users and security experts to perform penetration tests on its environment. This has not only revealed a number of loopholes and brought vulnerable points in their existing system to the fore, but has also opened up opportunities for organizations to build a secure cloud environment. This book teaches you how to perform penetration tests in a controlled AWS environment.

You'll begin by performing security assessments of major AWS resources such as Amazon EC2 instances, Amazon S3, Amazon API Gateway, and AWS Lambda. Throughout the course of this book, you'll also learn about specific tests such as exploiting applications, testing permissions flaws, and discovering weak policies. Moving on, you'll discover how to establish private-cloud access through backdoor Lambda functions. As you advance, you'll explore the no-go areas where users can't make changes due to vendor restrictions and find out how you can avoid being flagged to AWS in these cases. Finally, this book will take you through tips and tricks for securing your cloud environment in a professional way.

By the end of this penetration testing book, you'll have become well-versed in a variety of ethical hacking techniques for securing your AWS environment against modern cyber threats.

What you will learn

  • Set up your AWS account and get well-versed in various pentesting services
  • Delve into a variety of cloud pentesting tools and methodologies
  • Discover how to exploit vulnerabilities in both AWS and applications
  • Understand the legality of pentesting and learn how to stay in scope
  • Explore cloud pentesting best practices, tips, and tricks
  • Become competent at using tools such as Kali Linux, Metasploit, and Nmap
  • Get to grips with post-exploitation procedures and find out how to write pentesting reports

Who this book is for

If you are a network engineer, system administrator, or system operator looking to secure your AWS environment against external cyberattacks, then this book is for you. Ethical hackers, penetration testers, and security consultants who want to enhance their cloud security skills will also find this book useful. No prior experience in penetration testing is required; however, some understanding of cloud computing or AWS cloud is recommended.

Table of contents

  1. AWS Penetration Testing
  2. Why subscribe?
  3. Contributors
  4. About the author
  5. About the reviewer
  6. Packt is searching for authors like you
  7. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the example code files
    5. Code in Action
    6. Download the color images
    7. Conventions used
    8. Get in touch
    9. Reviews
  8. Section 1: Setting Up AWS and Pentesting Environments
  9. Chapter 1: Building Your AWS Environment
    1. Technical requirements
    2. Exploring Amazon Web Services (AWS)
      1. AWS security and penetration testing
    3. Understanding our testing environment
    4. Configuring your environment
      1. Setting up an account
      2. Setting up EC2 instances
      3. Setting up an EC2 instance with CentOS
      4. Setting up a Windows host
      5. Attacker setup – setting up a Kali instance
      6. Connecting with PuTTY
    5. Exploring vulnerable services
      1. Discovering vulnerable services
      2. Creating vulnerable services
    6. Attacking vulnerabilities
      1. Exploring Metasploit
    7. The AWS Command Line Interface (CLI)
      1. Installing the AWS CLI
      2. Exploring basic AWS CLI commands
    8. Summary
    9. Further reading
  10. Chapter 2: Pentesting and Ethical Hacking
    1. Technical requirements
    2. What is penetration testing?
      1. Finding critical issues before the bad guys do
      2. Pentesting methodology
      3. Types of pentesting
      4. Advantages and disadvantages
    3. Kali Linux
      1. Setting up a Linux image
      2. Exploring essential Linux commands
      3. NMAP
      4. AWS Inspector
      5. Metasploit
      6. Scripting
    4. Operating systems
      1. Linux/Unix
      2. Linux file permissions
      3. sudo
      4. Windows
      5. GUI
    5. Summary
    6. Further reading
  11. Section 2: Pentesting the Cloud – Exploiting AWS
  12. Chapter 3: Exploring Pentesting and AWS
    1. Technical requirements
    2. Exploring reconnaissance
      1. Driving enumeration for recon
      2. Harvesting email addresses
      3. The WHOIS command
      4. Netcraft
    3. Enumerating and understanding AWS services
      1. S3 buckets and discovering open buckets with web apps
      2. Lambda
      3. EC2 instances
    4. Scanning and examining targets for reconnaissance
      1. Metasploit
      2. Nmap
      3. LambdaGuard
      4. S3 scanning
    5. Knowing the attacker
    6. Creating attack paths
      1. Organic attack paths
      2. Goal-based attack paths
      3. AWS attack paths
      4. Pentesting attack paths
      5. Red teaming for businesses
      6. Diving into the attacker mindset
    7. Discovering SSH keys
      1. How the keys work
      2. Good hygiene
    8. Scanning and connecting to AWS
      1. Scanning with Nmap
      2. Starting Metasploit
      3. TCP scanning with Metasploit
      4. ACK scanning with Metasploit
      5. RDP scanning with Metasploit
      6. Connecting with Kali
      7. Connecting with Windows
    9. Learning from experience
    10. Summary
    11. Further reading
  13. Chapter 4: Exploiting S3 Buckets
    1. Technical requirements
    2. AWS Regions and Availability Zones
      1. Availability Zones
    3. Connecting and manipulating S3 buckets
      1. Understanding S3 buckets
      2. Using S3 buckets
      3. S3 buckets
      4. Quick detour – making IAM users
      5. Copying and uploading to S3
    4. Bucket policies and ACLs
      1. Public bucket policies
      2. Understanding policy attributes
      3. Writing bucket policies for policy bypassing
    5. Public buckets
      1. Bucket misconfigurations
    6. Scripts to find private buckets
      1. Python scripting
      2. Bash scripting
    7. Goal-based pentesting scenarios
    8. Discovering buckets with Grayhat Warfare
    9. S3 Burp Suite extensions
      1. Creating a local S3 lab
    10. Summary
    11. Further reading
  14. Chapter 5: Understanding Vulnerable RDS Services
    1. Technical requirements
    2. Understanding RDS
      1. Advantages of using RDS
      2. MySQL
      3. Aurora
    3. Setting up RDS (MySQL)
      1. Adding a rule to the security group
      2. Testing the connection
      3. Scanning RDS
    4. Understanding basic SQL syntax
    5. Database maneuvering and exploration
      1. Dumping hashes with Metasploit
      2. Creating RDS databases
    6. Understanding misconfigurations
      1. Weak passwords
      2. Unpatched databases
    7. Learning about injection points
      1. What is an injection?
      2. How does it work?
      3. Why is it an issue?
    8. Summary
    9. Further reading
  15. Chapter 6: Setting Up and Pentesting AWS Aurora RDS
    1. Technical requirements
    2. Understanding and setting up the Aurora RDS
      1. Setting up Aurora
    3. White box/functional pentesting Aurora
      1. Recon – scanning for public access
      2. Enumerating the username and password
    4. Setting up a lab for SQLi
      1. Configuring Juice Shop autostart
    5. Fun with SQLi
      1. Bypassing the admin login
      2. Logging in as another user
      3. Preventing SQLi
    6. Avoiding DoS
      1. Infrastructure-layer attacks
      2. Application-layer attacks
      3. Protection against DDoS in AWS
    7. Summary
    8. Further reading
  16. Chapter 7: Assessing and Pentesting Lambda Services
    1. Technical requirements
    2. Understanding and setting up a Lambda service
      1. Creating a Lambda function
    3. Digging into Lambda
      1. Creating a Lambda function that is compatible with S3
    4. Understanding misconfigurations
    5. Popping reverse shells with Lambda
      1. The coolness of reverse shells
      2. The ethical hacking game plan
      3. Invoking with AWS CLI
      4. Having fun with Metasploit and Lambda
    6. Summary
    7. Further reading
  17. Chapter 8: Assessing AWS API Gateway
    1. Technical requirements
    2. Exploring and configuring AWS APIs
      1. RESTful APIs
      2. WebSocket APIs
      3. An overview of API maps
    3. Creating our first API with AWS
    4. Getting started with Burp Suite
      1. Configuring Burp Suite
    5. Inspecting traffic with Burp Suite
      1. Deploying the API gateway
      2. Getting practical with intercepting API calls
    6. Manipulating API calls
      1. Fun with altering HTTP methods
    7. Summary
    8. Further reading
  18. Chapter 9: Real-Life Pentesting with Metasploit and More!
    1. Technical requirements
    2. Real pentesting with Metasploit
      1. What is functional testing?
      2. In the dark with black-box testing
    3. The pentest pregame
      1. Renaming our VPC for clarity
      2. Updating Metasploit
    4. Targeting WordPress for exploitation
      1. The scenario – gaining unauthorized access
      2. Setting the target with Lightsail
      3. Enumerating the target
      4. Phishing for credentials
      5. Gaining access to WordPress
      6. Exploiting and getting a reverse shell
      7. Discussing the issues
    5. Targeting vulnerable service applications
      1. The scenario – discovering and attacking any low-hanging fruit
      2. Setting up the target with community AMIs
      3. Scanning for open ports
      4. Information gathering for vulnerable services
      5. Using Metasploit for total system takeover
      6. Post exploitation and weakening additional services
      7. Reporting the vulnerabilities
    6. Exploring AWS Metasploit modules
      1. Stealing user credentials
      2. Discovering EC2 instances in our unknown environment
      3. Enumerating S3 buckets with Metasploit
    7. Summary
    8. Further reading
  19. Section 3: Lessons Learned – Report Writing, Staying within Scope, and Continued Learning
  20. Chapter 10: Pentesting Best Practices
    1. Technical requirements
    2. Pentesting methodology for AWS
      1. Reconnaissance
      2. Exploitation
      3. Post-exploitation
      4. Reporting
    3. Knowing your pentest and the unknowns of AWS pentesting
      1. Obtaining AWS credentials
      2. Owners of resources
      3. Credentials to applications
      4. Revealing private and public networks
    4. Pre-conditioning for the pentest
      1. Team member assignments
      2. Documentation preparation
      3. Contact list
    5. Avoiding communication breakdown
      1. Daily start and stop emails
      2. Making use of meetings
      3. Answering questions short and simple
    6. Achieving security and not obscurity
      1. Security through obscurity
      2. Avoiding obscurity with S3 buckets
    7. Post-pentest – after the pentest
      1. Post-pentest meeting
      2. Reporting
      3. Six-month follow-up
    8. Summary
    9. Further reading
  21. Chapter 11: Staying Out of Trouble
    1. Prohibited activities
      1. Exhausting services via DoS
      2. Understanding flooding
    2. Avoiding legal issues
      1. Get-out-of-jail-free card
      2. Potential damage
      3. Understanding the data classifications
    3. Stress testing
      1. Why stress test?
      2. Authorized stress testing
    4. Summary
    5. Further reading
  22. Chapter 12: Other Projects with AWS
    1. Technical requirements
    2. Understanding the MITRE ATT&CK framework
      1. Understanding TTPs with AWS matrixes
      2. Discovering MITRE ATT&CK Navigator
    3. Taking the bait with phishing
      1. Executing phishing with AWS
    4. Summary
    5. Further reading
  23. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: AWS Penetration Testing
  • Author(s): Jonathan Helmus
  • Release date: April 2021
  • Publisher(s): Packt Publishing
  • ISBN: 9781839216923