mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 05:15:26 +00:00
Changed summary and chapters
Changed summary to include the cheatsheet and also changed the format of the cheatsheet to be the same as the original file
This commit is contained in:
parent
cabc51e43b
commit
4b4a630085
@ -28,6 +28,7 @@
|
|||||||
- [Cover tracks by obfuscating Cloudtrail logs and Guard Duty](#cover-tracks-by-obfuscating-cloudtrail-logs-and-guard-duty)
|
- [Cover tracks by obfuscating Cloudtrail logs and Guard Duty](#cover-tracks-by-obfuscating-cloudtrail-logs-and-guard-duty)
|
||||||
- [DynamoDB](#dynamodb)
|
- [DynamoDB](#dynamodb)
|
||||||
- [Security checks](#security-checks)
|
- [Security checks](#security-checks)
|
||||||
|
- [AWSome Pentesting Cheatsheet](#awsome-pentesting-cheatsheet)
|
||||||
- [References](#references)
|
- [References](#references)
|
||||||
|
|
||||||
## Training
|
## Training
|
||||||
@ -690,7 +691,7 @@ Security checks from [DenizParlak/Zeus: AWS Auditing & Hardening Tool](https://g
|
|||||||
* Ensure a log metric filter and alarm exist for route table changes
|
* Ensure a log metric filter and alarm exist for route table changes
|
||||||
* Ensure a log metric filter and alarm exist for VPC changes
|
* Ensure a log metric filter and alarm exist for VPC changes
|
||||||
|
|
||||||
|
## AWSome Pentesting Cheatsheet
|
||||||
## Searching for open buckets
|
## Searching for open buckets
|
||||||
|
|
||||||
```
|
```
|
||||||
@ -713,7 +714,7 @@ arn:aws:iam:100:user/admin
|
|||||||
4. Field -> User ID
|
4. Field -> User ID
|
||||||
5. Field -> entity identifier
|
5. Field -> entity identifier
|
||||||
|
|
||||||
# IAM
|
## IAM
|
||||||
* It's assumed that we have gain access to the AWS Credentials
|
* It's assumed that we have gain access to the AWS Credentials
|
||||||
* We can see if we have permissions using [Amazon's policy simulator](**[https://policysim.aws.amazon.com/](https://policysim.aws.amazon.com/)**)
|
* We can see if we have permissions using [Amazon's policy simulator](**[https://policysim.aws.amazon.com/](https://policysim.aws.amazon.com/)**)
|
||||||
* Always look for policies and roles with the * symbol.
|
* Always look for policies and roles with the * symbol.
|
||||||
@ -1072,7 +1073,7 @@ export AWS_SESSION_TOKEN
|
|||||||
aws sts get-caller-identity
|
aws sts get-caller-identity
|
||||||
```
|
```
|
||||||
|
|
||||||
# S3 - Simple Storage System
|
## S3 - Simple Storage System
|
||||||
|
|
||||||
* Storage system that allow users to store and retrieve data.
|
* Storage system that allow users to store and retrieve data.
|
||||||
* List,Get,Put and Delete operations can be performed on the objects of the bucket
|
* List,Get,Put and Delete operations can be performed on the objects of the bucket
|
||||||
@ -1147,7 +1148,7 @@ aws s3api get-object --bucket name --key object-name download-file-location
|
|||||||
aws s3 presign s3://bucket-name/object-name --expires-in 605000
|
aws s3 presign s3://bucket-name/object-name --expires-in 605000
|
||||||
```
|
```
|
||||||
|
|
||||||
# Lambda & API Gateway
|
## Lambda & API Gateway
|
||||||
* Serverless event driven platform
|
* Serverless event driven platform
|
||||||
* Runs code in response to events and automatically manages computing resources required by that code
|
* Runs code in response to events and automatically manages computing resources required by that code
|
||||||
* Can trigger from other AWS services or call directly from the API Gateway
|
* Can trigger from other AWS services or call directly from the API Gateway
|
||||||
@ -1445,7 +1446,7 @@ aws lambda invoke --function-name name response.json --region region
|
|||||||
aws iam list-attached-user-policies --user-name user_name
|
aws iam list-attached-user-policies --user-name user_name
|
||||||
```
|
```
|
||||||
|
|
||||||
# AWS Secret Manager
|
## AWS Secret Manager
|
||||||
|
|
||||||
* AWS Service that encrypts and store secrets
|
* AWS Service that encrypts and store secrets
|
||||||
* Transparently decrypts and return in plaintext
|
* Transparently decrypts and return in plaintext
|
||||||
@ -1579,7 +1580,7 @@ aws kms get-key-policy --policy-name name --key-id ID
|
|||||||
aws kms decrypt --ciphertext-blob fileb://EncryptedFile --output text --query plaintext
|
aws kms decrypt --ciphertext-blob fileb://EncryptedFile --output text --query plaintext
|
||||||
```
|
```
|
||||||
|
|
||||||
# Containers
|
## Containers
|
||||||
|
|
||||||
Divided into three categories
|
Divided into three categories
|
||||||
|
|
||||||
@ -1785,7 +1786,7 @@ docker tag image_name ecr_addr:Image_Name
|
|||||||
docker push ecr_addr:Image_Name
|
docker push ecr_addr:Image_Name
|
||||||
```
|
```
|
||||||
|
|
||||||
# EC2
|
## EC2
|
||||||
|
|
||||||
* AMI, images used to create virtual machines
|
* AMI, images used to create virtual machines
|
||||||
* It's possible to create a malicious image to compromise users
|
* It's possible to create a malicious image to compromise users
|
||||||
@ -2127,7 +2128,7 @@ TOKEN=$(aws rds generate-db-auth-token --hostname hostname --port port --usernam
|
|||||||
mysql -h hostname -u name -P port --enable-cleartext-plugin --user=user --password=$TOKEN
|
mysql -h hostname -u name -P port --enable-cleartext-plugin --user=user --password=$TOKEN
|
||||||
```
|
```
|
||||||
|
|
||||||
# SSO & Other Services
|
## SSO & Other Services
|
||||||
|
|
||||||
## Single Sign On (SSO)
|
## Single Sign On (SSO)
|
||||||
|
|
||||||
@ -2190,7 +2191,7 @@ aws cloudtrail update-trail --name example_trail --no-include-global-service-eve
|
|||||||
* Threat detection service that monitors for malicious activity and unauthorized behavior
|
* Threat detection service that monitors for malicious activity and unauthorized behavior
|
||||||
* Works by collecting and analyzing logs
|
* Works by collecting and analyzing logs
|
||||||
|
|
||||||
# Virtual Private Cloud
|
## Virtual Private Cloud
|
||||||
|
|
||||||
* Used to create an isolated infrastructure within the cloud, including subnets and so on.
|
* Used to create an isolated infrastructure within the cloud, including subnets and so on.
|
||||||
* If the VPC has an internet gateway, means its a public subnet
|
* If the VPC has an internet gateway, means its a public subnet
|
||||||
|
Loading…
Reference in New Issue
Block a user