ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-18 10:26:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update Cloud - AWS Pentest.md

Browse Source
This commit is contained in:
Swissky 2022-10-07 10:50:59 +02:00 committed by GitHub
parent 00189411d4
commit 522b55eec5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
Methodology and Resources/Cloud - AWS Pentest.md
View File

@ -181,7 +181,9 @@
find_admins: Look at IAM policies to identify admin users and roles, or principals with specific privileges
```
* [dufflebag](https://labs.bishopfox.com/dufflebag) - Find secrets that are accidentally exposed via Amazon EBSs “public” mode
* [dufflebag](https://labs.bishopfox.com/dufflebag) - Find secrets that are accidentally exposed via Amazon EBS's "public" mode
* [NetSPI/AWS Consoler](https://github.com/NetSPI/aws_consoler) - Convert AWS Credentials into a console access
## AWS Patterns
@ -638,7 +640,7 @@ $ aws --endpoint-url http://s3.bucket.htb dynamodb scan --table-name users | jq
## Security checks
https://github.com/DenizParlak/Zeus
Security checks from [DenizParlak/Zeus: AWS Auditing & Hardening Tool](https://github.com/DenizParlak/Zeus)
* Identity and Access Management
* Avoid the use of the "root" account
@ -688,23 +690,6 @@ https://github.com/DenizParlak/Zeus
* Ensure a log metric filter and alarm exist for route table changes
* Ensure a log metric filter and alarm exist for VPC changes
# AWSome Pentesting Cheatsheet (By pop3ret)
* This guide was created to help pentesters learning more about AWS misconfigurations and ways to abuse them.
* It was created with my notes gathered with uncontable hours of study and annotations from various places
* It's assumed that you have the AWS keys (~~This is not difficult to find, just look in developer's github~~)
* Author -> pop3ret
# General Guidelines and tools
* [Scout Suite](https://github.com/nccgroup/ScoutSuite) -> Security Healthcheck
* [Pacu](https://github.com/RhinoSecurityLabs/pacu) -> AWS Exploitation Framework
* [SkyArk](https://github.com/cyberark/SkyArk) -> Discover most privileged users within AWS infrastructure
* [Boto3](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html) -> AWS SDK for python
* [AWS Consoler](https://github.com/NetSPI/aws_consoler) -> Convert AWS Credentials into a console access
# AWS Cheatsheet
## Searching for open buckets