Changed summary and chapters

Changed summary to include the cheatsheet and also changed the format of the cheatsheet to be the same as the original file
pop3ret 2022-10-09 16:01:14 -03:00 committed by GitHub
parent cabc51e43b
commit 4b4a630085
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -28,6 +28,7 @@
- [Cover tracks by obfuscating Cloudtrail logs and Guard Duty](#cover-tracks-by-obfuscating-cloudtrail-logs-and-guard-duty) - [Cover tracks by obfuscating Cloudtrail logs and Guard Duty](#cover-tracks-by-obfuscating-cloudtrail-logs-and-guard-duty)
- [DynamoDB](#dynamodb) - [DynamoDB](#dynamodb)
- [Security checks](#security-checks) - [Security checks](#security-checks)
- [AWSome Pentesting Cheatsheet](#awsome-pentesting-cheatsheet)
- [References](#references) - [References](#references)
## Training ## Training
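Review bot: the summary gains only the single `AWSome Pentesting Cheatsheet` entry, between `Security checks` and `References`, so the sections this commit moves under the cheatsheet (IAM, S3, Lambda & API Gateway and the rest) still cannot be reached from the table of contents. Consider adding indented sub-entries for them beneath the new line so the summary matches the chapter structure the commit message describes.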
@ -690,7 +691,7 @@ Security checks from [DenizParlak/Zeus: AWS Auditing & Hardening Tool](https://g
* Ensure a log metric filter and alarm exist for route table changes * Ensure a log metric filter and alarm exist for route table changes
* Ensure a log metric filter and alarm exist for VPC changes * Ensure a log metric filter and alarm exist for VPC changes
## AWSome Pentesting Cheatsheet
## Searching for open buckets ## Searching for open buckets
``` ```
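Review bot: the new `## AWSome Pentesting Cheatsheet` heading sits at the same level as `## Searching for open buckets` directly below it, and at the same level as every section this commit changes from `#` to `##`, so none of them actually nest under the cheatsheet. If the cheatsheet is meant to be the parent chapter, its sections need to be `###`; a one-line introduction between the two headings would also help readers who land on the anchor.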
@ -713,7 +714,7 @@ arn:aws:iam:100:user/admin
4. Field -> User ID 4. Field -> User ID
5. Field -> entity identifier 5. Field -> entity identifier
# IAM ## IAM
* It's assumed that we have gain access to the AWS Credentials * It's assumed that we have gain access to the AWS Credentials
* We can see if we have permissions using [Amazon's policy simulator](**[https://policysim.aws.amazon.com/](https://policysim.aws.amazon.com/)**) * We can see if we have permissions using [Amazon's policy simulator](**[https://policysim.aws.amazon.com/](https://policysim.aws.amazon.com/)**)
* Always look for policies and roles with the * symbol. * Always look for policies and roles with the * symbol.
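Review bot: since the IAM section is being reformatted here, the policy simulator bullet under the heading is worth fixing in the same pass: its link target is itself a bolded markdown link, `(**[https://policysim.aws.amazon.com/](https://policysim.aws.amazon.com/)**)`, which will not render as a working link. The target should be the plain URL.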
@ -1072,7 +1073,7 @@ export AWS_SESSION_TOKEN
aws sts get-caller-identity aws sts get-caller-identity
``` ```
# S3 - Simple Storage System ## S3 - Simple Storage System
* Storage system that allow users to store and retrieve data. * Storage system that allow users to store and retrieve data.
* List,Get,Put and Delete operations can be performed on the objects of the bucket * List,Get,Put and Delete operations can be performed on the objects of the bucket
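Review bot: the heading being changed still reads `S3 - Simple Storage System`; the service is named Simple Storage Service. Worth correcting while this line is touched, before a summary anchor is generated from it.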
@ -1147,7 +1148,7 @@ aws s3api get-object --bucket name --key object-name download-file-location
aws s3 presign s3://bucket-name/object-name --expires-in 605000 aws s3 presign s3://bucket-name/object-name --expires-in 605000
``` ```
# Lambda & API Gateway ## Lambda & API Gateway
* Serverless event driven platform * Serverless event driven platform
* Runs code in response to events and automatically manages computing resources required by that code * Runs code in response to events and automatically manages computing resources required by that code
* Can trigger from other AWS services or call directly from the API Gateway * Can trigger from other AWS services or call directly from the API Gateway
@ -1445,7 +1446,7 @@ aws lambda invoke --function-name name response.json --region region
aws iam list-attached-user-policies --user-name user_name aws iam list-attached-user-policies --user-name user_name
``` ```
# AWS Secret Manager ## AWS Secret Manager
* AWS Service that encrypts and store secrets * AWS Service that encrypts and store secrets
* Transparently decrypts and return in plaintext * Transparently decrypts and return in plaintext
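Review bot: the changed heading names the service `AWS Secret Manager`; the AWS name is Secrets Manager. Fixing it on this line keeps the heading and its anchor searchable under the real service name.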
@ -1579,7 +1580,7 @@ aws kms get-key-policy --policy-name name --key-id ID
aws kms decrypt --ciphertext-blob fileb://EncryptedFile --output text --query plaintext aws kms decrypt --ciphertext-blob fileb://EncryptedFile --output text --query plaintext
``` ```
# Containers ## Containers
Divided into three categories Divided into three categories
@ -1785,7 +1786,7 @@ docker tag image_name ecr_addr:Image_Name
docker push ecr_addr:Image_Name docker push ecr_addr:Image_Name
``` ```
# EC2 ## EC2
* AMI, images used to create virtual machines * AMI, images used to create virtual machines
* It's possible to create a malicious image to compromise users * It's possible to create a malicious image to compromise users
@ -2127,7 +2128,7 @@ TOKEN=$(aws rds generate-db-auth-token --hostname hostname --port port --usernam
mysql -h hostname -u name -P port --enable-cleartext-plugin --user=user --password=$TOKEN mysql -h hostname -u name -P port --enable-cleartext-plugin --user=user --password=$TOKEN
``` ```
# SSO & Other Services ## SSO & Other Services
## Single Sign On (SSO) ## Single Sign On (SSO)
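Review bot: demoting `# SSO & Other Services` to `##` puts it at the same level as its own subsection `## Single Sign On (SSO)` on the next line, so the parent/child relationship is lost. The subsection needs to go down a level as well (`### Single Sign On (SSO)`), and the same check applies to any other `##` subsections inside the sections this commit demotes.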
@ -2190,7 +2191,7 @@ aws cloudtrail update-trail --name example_trail --no-include-global-service-eve
* Threat detection service that monitors for malicious activity and unauthorized behavior * Threat detection service that monitors for malicious activity and unauthorized behavior
* Works by collecting and analyzing logs * Works by collecting and analyzing logs
# Virtual Private Cloud ## Virtual Private Cloud
* Used to create an isolated infrastructure within the cloud, including subnets and so on. * Used to create an isolated infrastructure within the cloud, including subnets and so on.
* If the VPC has an internet gateway, means its a public subnet * If the VPC has an internet gateway, means its a public subnet