Although we already have an EC2 instance that we have access to and that provides us access to an administrator level role in the environment, we shouldn't rely on it as our sole method of persistence for a few reasons. The role could change at any moment, such as if it was deleted or had its privileges modified, which would remove or weaken our persistent access.

The EC2 instance could be noted as suspicious and shut down at any point, removing our persistent access. Also, EC2 security groups rules could be modified, blocking outbound access from the instance, meaning we will no longer receive our reverse shell. Finally, we might lose the reverse shell connection, which means we would need to wait until the instance is restarted ...

Get Hands-On AWS Penetration Testing with Kali Linux now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.