From 522b55eec5fb6eac2214def36cab029ef55d9a55 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Fri, 7 Oct 2022 10:50:59 +0200 Subject: [PATCH] Update Cloud - AWS Pentest.md --- .../Cloud - AWS Pentest.md | 23 ++++--------------- 1 file changed, 4 insertions(+), 19 deletions(-) diff --git a/Methodology and Resources/Cloud - AWS Pentest.md b/Methodology and Resources/Cloud - AWS Pentest.md index e4cc372..3d6c84a 100644 --- a/Methodology and Resources/Cloud - AWS Pentest.md +++ b/Methodology and Resources/Cloud - AWS Pentest.md @@ -181,7 +181,9 @@ find_admins: Look at IAM policies to identify admin users and roles, or principals with specific privileges ``` -* [dufflebag](https://labs.bishopfox.com/dufflebag) - Find secrets that are accidentally exposed via Amazon EBS’s “public” mode +* [dufflebag](https://labs.bishopfox.com/dufflebag) - Find secrets that are accidentally exposed via Amazon EBS's "public" mode +* [NetSPI/AWS Consoler](https://github.com/NetSPI/aws_consoler) - Convert AWS Credentials into a console access + ## AWS Patterns @@ -638,7 +640,7 @@ $ aws --endpoint-url http://s3.bucket.htb dynamodb scan --table-name users | jq ## Security checks -https://github.com/DenizParlak/Zeus +Security checks from [DenizParlak/Zeus: AWS Auditing & Hardening Tool](https://github.com/DenizParlak/Zeus) * Identity and Access Management * Avoid the use of the "root" account @@ -688,23 +690,6 @@ https://github.com/DenizParlak/Zeus * Ensure a log metric filter and alarm exist for route table changes * Ensure a log metric filter and alarm exist for VPC changes -# AWSome Pentesting Cheatsheet (By pop3ret) - -* This guide was created to help pentesters learning more about AWS misconfigurations and ways to abuse them. -* It was created with my notes gathered with uncontable hours of study and annotations from various places -* It's assumed that you have the AWS keys (~~This is not difficult to find, just look in developer's github~~) -* Author -> pop3ret - -# General Guidelines and tools - -* [Scout Suite](https://github.com/nccgroup/ScoutSuite) -> Security Healthcheck -* [Pacu](https://github.com/RhinoSecurityLabs/pacu) -> AWS Exploitation Framework -* [SkyArk](https://github.com/cyberark/SkyArk) -> Discover most privileged users within AWS infrastructure -* [Boto3](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html) -> AWS SDK for python -* [AWS Consoler](https://github.com/NetSPI/aws_consoler) -> Convert AWS Credentials into a console access - - -# AWS Cheatsheet ## Searching for open buckets