AWS Notes – AWS Pentesting

An Opinionated Ramp Up Guide to AWS Pentesting

https://awssecuritydigest.com/articles/opinionated-ramp-up-guide-to-aws-pentesting

https://medium.com/@MorattiSec/my-aws-pentest-methodology-14c333b7fb58

Understanding the Shared Responsibility Model
https://www.wiz.io/academy/shared-responsibility-model

fwd:cloudsec
https://fwdcloudsec.org/

AWS Customer Support Policy for Penetration Testing
https://aws.amazon.com/security/penetration-testing/

Also, read this and follow the AWS pentesting rules.

Cloud Tests

1. One is a review of the external facing posture, which you can consider adjacent to a traditional External Network Penetration Test.
2. Another is a review of the AWS environment’s static configurations, which can be performed with Read-only permissions.
3. The last and more in-depth penetration test is a dynamic test from the perspective of an attacker who obtained an initial foothold in an AWS account.

Whether this is from keys accidentally published to GitHub, a disgruntled employee, or a server hosted on AWS was compromised, and credentials were obtained.  We want to ask ourselves what is more likely, a developer’s key being exposed through some arbitrary method or application, or a compute resource being exploited so an attacker can obtain credentials for an execution role. These are by far the most common ways that keys are exposed.

• https://github.com/nccgroup/ScoutSuite
• https://github.com/prowler-cloud/prowler
• https://hackingthe.cloud/