Summary
When attacking an AWS environment, it is important to come up with a definitive list of what AWS services they are using, as it allows you to formulate your attack plan better. Along with that, it is important to look at the configuration and setup that is deployed across all of these services to find misconfigurations and features to abuse and hopefully chain together to gain full access to the environment.
No service is too small to look at, as there are likely attack vectors across every single AWS service if you have the permissions to interact with them. This chapter aimed to show some attacks on some less common AWS servers (compared to EC2, S3, and so on), and attempted to show that many services have policy documents that ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access