Changed summary and chapters

Changed summary to include the cheatsheet and also changed the format of the cheatsheet to be the same as the original file
pop3ret 2022-10-09 16:01:14 -03:00 committed by GitHub
parent cabc51e43b
commit 4b4a630085
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -28,6 +28,7 @@
- [Cover tracks by obfuscating Cloudtrail logs and Guard Duty](#cover-tracks-by-obfuscating-cloudtrail-logs-and-guard-duty)
- [DynamoDB](#dynamodb)
- [Security checks](#security-checks)
- [AWSome Pentesting Cheatsheet](#awsome-pentesting-cheatsheet)
- [References](#references)
## Training
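Review bot: The new TOC entry `[AWSome Pentesting Cheatsheet](#awsome-pentesting-cheatsheet)` is added as a single flat item, but the rest of this commit turns the cheatsheet's sections (IAM, S3, Lambda & API Gateway, and so on) into `##` headings that get no entries of their own here. Either nest those sections as indented items under the new entry or confirm that a one-line pointer is intended. Also check that the generated anchor matches the heading text exactly, since the link breaks silently if the heading is later renamed.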
@ -690,7 +691,7 @@ Security checks from [DenizParlak/Zeus: AWS Auditing & Hardening Tool](https://g
* Ensure a log metric filter and alarm exist for route table changes
* Ensure a log metric filter and alarm exist for VPC changes
## AWSome Pentesting Cheatsheet
## Searching for open buckets
```
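Review bot: `## AWSome Pentesting Cheatsheet` sits at the same level as `## Searching for open buckets` directly below it, so the cheatsheet title ends up with no content of its own and its sections render as siblings rather than children. If the goal is to match the original file's format while keeping the cheatsheet distinguishable, consider `###` for the sections beneath this heading, or add a one-line description under the title.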
@ -713,7 +714,7 @@ arn:aws:iam:100:user/admin
4. Field -> User ID
5. Field -> entity identifier
# IAM
## IAM
* It's assumed that we have gain access to the AWS Credentials
* We can see if we have permissions using [Amazon's policy simulator](**[https://policysim.aws.amazon.com/](https://policysim.aws.amazon.com/)**)
* Always look for policies and roles with the * symbol.
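Review bot: The link on the context line under `## IAM` is malformed: `[Amazon's policy simulator](**[https://policysim.aws.amazon.com/](https://policysim.aws.amazon.com/)**)` nests bold markers and a second link inside the URL part, so it will not render as a working link. Since this section is being reformatted anyway, change it to `[Amazon's policy simulator](https://policysim.aws.amazon.com/)`, and fix "have gain access" to "have gained access" on the line above it.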
@ -1072,7 +1073,7 @@ export AWS_SESSION_TOKEN
aws sts get-caller-identity
```
# S3 - Simple Storage System
## S3 - Simple Storage System
* Storage system that allow users to store and retrieve data.
* List,Get,Put and Delete operations can be performed on the objects of the bucket
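Review bot: The heading being re-levelled, `S3 - Simple Storage System`, misnames the service; S3 is Amazon Simple Storage Service. Fix the name in this same change so that any anchor derived from the heading only has to change once. The two bullets below it could also be tidied while here: "allow users" should be "allows users", and `List,Get,Put` needs spaces after the commas.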
@ -1147,7 +1148,7 @@ aws s3api get-object --bucket name --key object-name download-file-location
aws s3 presign s3://bucket-name/object-name --expires-in 605000
```
# Lambda & API Gateway
## Lambda & API Gateway
* Serverless event driven platform
* Runs code in response to events and automatically manages computing resources required by that code
* Can trigger from other AWS services or call directly from the API Gateway
@ -1445,7 +1446,7 @@ aws lambda invoke --function-name name response.json --region region
aws iam list-attached-user-policies --user-name user_name
```
# AWS Secret Manager
## AWS Secret Manager
* AWS Service that encrypts and store secrets
* Transparently decrypts and return in plaintext
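Review bot: `## AWS Secret Manager` should read `## AWS Secrets Manager`, which is the service's actual name; readers searching the document or the AWS docs for the service will not match the current spelling. The bullets under it have agreement errors as well ("encrypts and store", "decrypts and return") that are worth fixing in the same pass.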
@ -1579,7 +1580,7 @@ aws kms get-key-policy --policy-name name --key-id ID
aws kms decrypt --ciphertext-blob fileb://EncryptedFile --output text --query plaintext
```
# Containers
## Containers
Divided into three categories
@ -1785,7 +1786,7 @@ docker tag image_name ecr_addr:Image_Name
docker push ecr_addr:Image_Name
```
# EC2
## EC2
* AMI, images used to create virtual machines
* It's possible to create a malicious image to compromise users
@ -2127,7 +2128,7 @@ TOKEN=$(aws rds generate-db-auth-token --hostname hostname --port port --usernam
mysql -h hostname -u name -P port --enable-cleartext-plugin --user=user --password=$TOKEN
```
# SSO & Other Services
## SSO & Other Services
## Single Sign On (SSO)
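Review bot: Demoting `# SSO & Other Services` to `##` puts it at the same level as `## Single Sign On (SSO)` on the next line, so what was a grouping heading with a subsection is now two adjacent sibling headings with nothing between them. Change the subsection to `### Single Sign On (SSO)` to preserve the grouping, or drop the grouping heading if it is no longer needed.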
@ -2190,7 +2191,7 @@ aws cloudtrail update-trail --name example_trail --no-include-global-service-eve
* Threat detection service that monitors for malicious activity and unauthorized behavior
* Works by collecting and analyzing logs
# Virtual Private Cloud
## Virtual Private Cloud
* Used to create an isolated infrastructure within the cloud, including subnets and so on.
* If the VPC has an internet gateway, means its a public subnet