AWS Penetration Testing
eBook - ePub

  1. 330 pages
  2. English

About This Book

Get to grips with security assessment, vulnerability exploitation, workload security, and encryption with this guide to ethical hacking and learn to secure your AWS environment

Key Features

  • Perform cybersecurity events such as red or blue team activities and functional testing
  • Gain an overview and understanding of AWS penetration testing and security
  • Make the most of your AWS cloud infrastructure by learning about AWS fundamentals and exploring pentesting best practices

Book Description

Cloud security has always been treated as the highest priority by AWS while designing a robust cloud infrastructure. AWS has now extended its support to allow users and security experts to perform penetration tests on its environment. This has not only revealed a number of loopholes and brought vulnerable points in their existing system to the fore, but has also opened up opportunities for organizations to build a secure cloud environment. This book teaches you how to perform penetration tests in a controlled AWS environment. You'll begin by performing security assessments of major AWS resources such as Amazon EC2 instances, Amazon S3, Amazon API Gateway, and AWS Lambda. Throughout the course of this book, you'll also learn about specific tests such as exploiting applications, testing permissions flaws, and discovering weak policies. Moving on, you'll discover how to establish private-cloud access through backdoor Lambda functions. As you advance, you'll explore the no-go areas where users can't make changes due to vendor restrictions and find out how you can avoid being flagged to AWS in these cases. Finally, this book will take you through tips and tricks for securing your cloud environment in a professional way.
By the end of this penetration testing book, you'll have become well-versed in a variety of ethical hacking techniques for securing your AWS environment against modern cyber threats.

What you will learn

  • Set up your AWS account and get well-versed in various pentesting services
  • Delve into a variety of cloud pentesting tools and methodologies
  • Discover how to exploit vulnerabilities in both AWS and applications
  • Understand the legality of pentesting and learn how to stay in scope
  • Explore cloud pentesting best practices, tips, and tricks
  • Become competent at using tools such as Kali Linux, Metasploit, and Nmap
  • Get to grips with post-exploitation procedures and find out how to write pentesting reports

Who this book is for

If you are a network engineer, system administrator, or system operator looking to secure your AWS environment against external cyberattacks, then this book is for you. Ethical hackers, penetration testers, and security consultants who want to enhance their cloud security skills will also find this book useful. No prior experience in penetration testing is required; however, some understanding of cloud computing or AWS cloud is recommended.

Frequently asked questions

Yes, you can access AWS Penetration Testing by Jonathan Helmus in PDF and/or ePUB format, as well as other popular books in Business & Business Intelligence. We have over one million books available in our catalogue for you to explore.

Information

Year
2020
ISBN
9781839213861
Edition
1

Section 1: Setting Up AWS and Pentesting Environments

This section will give you a basic understanding and overview of AWS and pentesting methodologies at a beginner level. You will learn about the background of both AWS and pentesting, while also setting up a basic environment with vulnerable services that will be exploited throughout the book. You will not need any prior knowledge and will learn how to set up EC2 instances, as well as other various AWS services, from scratch.
This section contains the following chapters:
  • Chapter 1, Building Your AWS Environment
  • Chapter 2, Pentesting and Ethical Hacking

Chapter 1: Building Your AWS Environment

Amazon Web Services (AWS) is a growing cloud technology provider that many companies use to help house their data. Originating from Seattle, Washington in late 2006, AWS is steadily becoming the most prominent service provider. Due to its usability and its user-friendly interfaces, AWS is used by over 800,000 companies and makes up 65% or more of the cloud infrastructure space. Some of its better-known services, such as S3, Lambda, and EC2, are discussed frequently throughout this book and are commonly used in the real world.
This chapter is going to go over the basics of AWS and will walk through setting up an AWS account. It's important that we learn the basics of getting our AWS account configured and ready so that there isn't any additional housekeeping needed after setting up an account. After setting up an account, we'll walk through and set up a few EC2 instances with various flavors of operating systems, and look at vulnerable services within those operating systems. It's encouraged that, after completing the chapter, you look at building out more EC2 instances with other operating systems for your environment.
In this chapter, we'll explore AWS through the following topics:
  • Exploring Amazon Web Services
  • Understanding the testing environment
  • Configuring the environment
  • Exploring vulnerable services
  • Attacking vulnerabilities
  • The AWS Command Line Interface

Technical requirements

To follow along with the instructions in this chapter, you will need the following:
  • A browser of your choice (Chrome, Firefox, Edge)
  • PuTTY: https://www.chiark.greenend.org.uk/~sgtatham/putty/ (installation steps are covered in the Connecting with PuTTY section).
Check out the following video to see the Code in Action: https://bit.ly/3kPrVkh

Exploring Amazon Web Services (AWS)

AWS is a cloud service provided by Seattle tech company, Amazon. AWS's comprehensive and easy-to-use setup makes it very attractive to small start-ups and large corporations. It works by allowing companies and businesses to set up their infrastructure off-premises and within the physical resources of Amazon. This type of service, called Infrastructure as a Service, delivers cloud computing as a whole service. You will see more of how easy it is to automate and build in AWS as we set up our lab throughout this book. However, you'll also notice some issues that may commonly be overlooked, such as security.
AWS doesn't take full responsibility for companies' data and security. In fact, Amazon has put out a shared responsibility model that ensures that both parties understand their rights and responsibilities in terms of customers' data. After all, Amazon is a company that is known as customer-obsessed.

AWS security and penetration testing

As you read through this book, you'll be exposed to some concepts that may not have been discussed before. This is because AWS pentesting is a relatively new subject that is gaining popularity in the security space of information technology. The good thing about this is that it allows subject matter experts to help create a pentesting culture around AWS and provides newer ideas for how penetration testing is executed in both AWS and system security.
Next, you're going to dive into AWS and create an account of your very own. After that, we'll get started by creating our own cloud pentest playground where we will set up a vulnerable host that can be tested later on.

Understanding our testing environment

It's essential to understand all the systems we are going to be deploying and their use in this book. Building a lab benefits security research because it allows you to perform the same tactics and techniques that real hackers would execute, without having to worry about breaking any laws. For our lab, we will be setting up various hosts that mimic real-life systems that you would see incorporated into businesses. The only difference is we will be using some much older versions of software and operating systems. We use older systems because they are typically much more vulnerable than their up-to-date, newer versions, which makes learning pentesting much easier – and fun!
We want to ensure that we learn a little bit of everything, so we will be using both Windows- and Unix-based operating systems. These systems are built drastically differently but are systems that you will face in real-life pentesting situations.
Additionally, we will be using an operating system called "Kali Linux" as our hacking operating system. Kali Linux is a very popular hacking operating system used in the pentesting community, primarily because it comes preinstalled with various hacking tool suites and is maintained by Offensive Security.

Configuring your environment

Configuring your environment is the most important task of this book. Without it, you won't have anything to test your skills! Building out an environment will teach you how to configure instances, add resources to them, and connect to them.

Setting up an account

To begin the process of creating your own AWS account, follow these steps:
  1. Please open a br...

Table of contents

  1. AWS Penetration Testing
  2. Why subscribe?
  3. Preface
  4. Section 1: Setting Up AWS and Pentesting Environments
  5. Chapter 1: Building Your AWS Environment
  6. Chapter 2: Pentesting and Ethical Hacking
  7. Section 2: Pentesting the Cloud – Exploiting AWS
  8. Chapter 3: Exploring Pentesting and AWS
  9. Chapter 4: Exploiting S3 Buckets
  10. Chapter 5: Understanding Vulnerable RDS Services
  11. Chapter 6: Setting Up and Pentesting AWS Aurora RDS
  12. Chapter 7: Assessing and Pentesting Lambda Services
  13. Chapter 8: Assessing AWS API Gateway
  14. Chapter 9: Real-Life Pentesting with Metasploit and More!
  15. Section 3: Lessons Learned – Report Writing, Staying within Scope, and Continued Learning
  16. Chapter 10: Pentesting Best Practices
  17. Chapter 11: Staying Out of Trouble
  18. Chapter 12: Other Projects with AWS
  19. Other Books You May Enjoy