Download the book AWS Penetration Testing: Beginner's guide to hacking AWS with tools such as Kali Linux, Metasploit, and Nmap

Book details

AWS Penetration Testing: Beginner's guide to hacking AWS with tools such as Kali Linux, Metasploit, and Nmap

Edition:
Authors:
Series:
ISBN: 1839216921, 9781839216923
Publisher: Packt Publishing
Year of publication: 2020
Number of pages: 330
Language: English
File format: PDF (converted to PDF, EPUB or AZW3 on user request)
File size: 15 MB

Book price (Toman): 83,000





If you need the file of AWS Penetration Testing: Beginner's guide to hacking AWS with tools such as Kali Linux, Metasploit, and Nmap converted to PDF, EPUB, AZW3, MOBI or DJVU format, you can notify support so that they convert the file for you.

Note that AWS Penetration Testing: Beginner's guide to hacking AWS with tools such as Kali Linux, Metasploit, and Nmap is the original-language edition and is not a Persian translation. The International Library website offers original-language books and does not offer any books translated into or written in Persian.


Book description in the original language



Table of contents

Cover
Title Page
Copyright and Credits
About Packt
Contributors
Table of Contents
Preface
Section 1: Setting Up AWS and Pentesting Environments
Chapter 1: Building Your AWS Environment
	Technical requirements
	Exploring Amazon Web Services (AWS)
		AWS security and penetration testing
	Understanding our testing environment
	Configuring your environment
		Setting up an account
		Setting up EC2 instances
		Setting up an EC2 instance with CentOS
		Setting up a Windows host
		Attacker setup – setting up a Kali instance
		Connecting with PuTTY
	Exploring vulnerable services
		Discovering vulnerable services
		Creating vulnerable services
	Attacking vulnerabilities
		Exploring Metasploit
	The AWS Command Line Interface (CLI)
		Installing the AWS CLI
		Exploring basic AWS CLI commands
	Summary
	Further reading
Chapter 2: Pentesting and Ethical Hacking
	Technical requirements
	What is penetration testing?
		Finding critical issues before the bad guys do
		Pentesting methodology
		Types of pentesting
		Advantages and disadvantages
	Kali Linux
		Setting up a Linux image
		Exploring essential Linux commands
		NMAP
		AWS Inspector
		Metasploit
		Scripting
	Operating systems
		Linux/Unix
		Linux file permissions
		sudo
		Windows
		GUI
	Summary
	Further reading
Section 2: Pentesting the Cloud – Exploiting AWS
Chapter 3: Exploring Pentesting and AWS
	Technical requirements
	Exploring reconnaissance
		Driving enumeration for recon
		Harvesting email addresses
		The WHOIS command
		Netcraft
	Enumerating and understanding AWS services
		S3 buckets and discovering open buckets with web apps
		Lambda
		EC2 instances
	Scanning and examining targets for reconnaissance
		Metasploit
		Nmap
		LambdaGuard
		S3 scanning
	Knowing the attacker
	Creating attack paths
		Organic attack paths
		Goal-based attack paths
		AWS attack paths
		Pentesting attack paths
		Red teaming for businesses
		Diving into the attacker mindset
	Discovering SSH keys
		How the keys work
		Good hygiene
	Scanning and connecting to AWS
		Scanning with Nmap
		Starting Metasploit
		TCP scanning with Metasploit
		ACK scanning with Metasploit
		RDP scanning with Metasploit
		Connecting with Kali
		Connecting with Windows
	Learning from experience
	Summary
	Further reading
Chapter 4: Exploiting S3 Buckets
	Technical requirements
	AWS Regions and Availability Zones
		Availability Zones
	Connecting and manipulating S3 buckets
		Understanding S3 buckets
		Using S3 buckets
		S3 buckets
		Quick detour – making IAM users
		Copying and uploading to S3
	Bucket policies and ACLs
		Public bucket policies
		Understanding policy attributes
		Writing bucket policies for policy bypassing
	Public buckets
		Bucket misconfigurations
	Scripts to find private buckets
		Python scripting
		Bash scripting
	Goal-based pentesting scenarios
	Discovering buckets with Grayhat Warfare
	S3 Burp Suite extensions
		Creating a local S3 lab
	Summary
	Further reading
Chapter 5: Understanding Vulnerable RDS Services
	Technical requirements
	Understanding RDS
		Advantages of using RDS
		MySQL
		Aurora
	Setting up RDS (MySQL)
		Adding a rule to the security group
		Testing the connection
		Scanning RDS
	Understanding basic SQL syntax
	Database maneuvering and exploration
		Dumping hashes with Metasploit
		Creating RDS databases
	Understanding misconfigurations
		Weak passwords
		Unpatched databases
	Learning about injection points
		What is an injection?
		How does it work?
		Why is it an issue?
	Summary
	Further reading
Chapter 6: Setting Up and Pentesting AWS Aurora RDS
	Technical requirements
	Understanding and setting up the Aurora RDS
		Setting up Aurora
	White box/functional pentesting Aurora
		Recon – scanning for public access
		Enumerating the username and password
	Setting up a lab for SQLi
		Configuring Juice Shop autostart
	Fun with SQLi
		Bypassing the admin login
		Logging in as another user
		Preventing SQLi
	Avoiding DoS
		Infrastructure-layer attacks
		Application-layer attacks
		Protection against DDoS in AWS
	Summary
	Further reading
Chapter 7: Assessing and Pentesting Lambda Services
	Technical requirements
	Understanding and setting up a Lambda service
		Creating a Lambda function
	Digging into Lambda
		Creating a Lambda function that is compatible with S3
	Understanding misconfigurations
	Popping reverse shells with Lambda
		The coolness of reverse shells
		The ethical hacking game plan
		Invoking with AWS CLI
		Having fun with Metasploit and Lambda
	Summary
	Further reading
Chapter 8: Assessing AWS API Gateway
	Technical requirements
	Exploring and configuring AWS APIs
		RESTful APIs
		WebSocket APIs
		An overview of API maps
	Creating our first API with AWS
	Getting started with Burp Suite
		Configuring Burp Suite
	Inspecting traffic with Burp Suite
		Deploying the API gateway
		Getting practical with intercepting API calls
	Manipulating API calls
		Fun with altering HTTP methods
	Summary
	Further reading
Chapter 9: Real-Life Pentesting with Metasploit and More!
	Technical requirements
	Real pentesting with Metasploit
		What is functional testing?
		In the dark with black-box testing
	The pentest pregame
		Renaming our VPC for clarity
		Updating Metasploit
	Targeting WordPress for exploitation
		The scenario - gaining unauthorized access
		Setting the target with Lightsail
		Enumerating the target
		Phishing for credentials
		Gaining access to WordPress
		Exploiting and getting a reverse shell
		Discussing the issues
	Targeting vulnerable service applications
		The scenario – discovering and attacking any low-hanging fruit
		Setting up the target with community AMIs
		Scanning for open ports
		Information gathering for vulnerable services
		Using Metasploit for total system takeover
		Post exploitation and weakening additional services
		Reporting the vulnerabilities
	Exploring AWS Metasploit modules
		Stealing user credentials
		Discovering EC2 instances in our unknown environment
		Enumerating S3 buckets with Metasploit
	Summary
	Further reading
Section 3: Lessons Learned – Report Writing, Staying within Scope, and Continued Learning
Chapter 10: Pentesting Best Practices
	Technical requirements
	Pentesting methodology for AWS
		Reconnaissance
		Exploitation
		Post-exploitation
		Reporting
	Knowing your pentest and the unknowns of AWS pentesting
		Obtaining AWS credentials
		Owners of resources
		Credentials to applications 
		Revealing private and public networks
	Pre-conditioning for the pentest
		Team member assignments
		Documentation preparation
		Contact list
	Avoiding communication breakdown
		Daily start and stop emails
		Making use of meetings
		Answering questions short and simple
	Achieving security and not obscurity
		Security through obscurity
		Avoiding obscurity with S3 buckets
	Post-pentest – after the pentest
		Post-pentest meeting
		Reporting
		Six-month follow-up
	Summary
	Further reading
Chapter 11: Staying Out of Trouble
	Prohibited activities
		Exhausting services via DoS
		Understanding flooding
	Avoiding legal issues 
		Get-out-of-jail-free card
		Potential damage 
		Understanding the data classifications 
	Stress testing
		Why stress test?
		Authorized stress testing
	Summary
	Further reading
Chapter 12: Other Projects with AWS
	Technical requirements
	Understanding the MITRE ATT&CK framework
		Understanding TTPs with AWS matrixes
		Discovering MITRE ATT&CK Navigator
	Taking the bait with phishing
		Executing phishing with AWS
	Summary
	Further reading
Other Books You May Enjoy
Index



