E-book details

Hands-On AWS Penetration Testing with Kali Linux. Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and CloudFormation

Hands-On AWS Penetration Testing with Kali Linux. Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and CloudFormation

Karl Gilbert, Benjamin Caudill

Ebook
The cloud is taking over the IT industry. Any organization housing a large amount of data or a large infrastructure has started moving cloud-ward — and AWS rules the roost when it comes to cloud service providers, with its closest competitor having less than half of its market share. This highlights the importance of security on the cloud, especially on AWS. While a lot has been said (and written) about how cloud environments can be secured, performing external security assessments in the form of pentests on AWS is still seen as a dark art.
This book aims to help pentesters as well as seasoned system administrators with a hands-on approach to pentesting the various cloud services provided by Amazon through AWS using Kali Linux. To make things easier for novice pentesters, the book focuses on building a practice lab and refining penetration testing with Kali Linux on the cloud. This is helpful not only for beginners but also for pentesters who want to set up a pentesting environment in their private cloud, using Kali Linux to perform a white-box assessment of their own cloud resources. Besides this, the book covers a large variety of AWS services that are often overlooked during a pentest — from serverless infrastructure to automated deployment pipelines.
By the end of this book, you will be able to identify possible vulnerable areas efficiently and secure your AWS cloud environment.
  • 1. Setting Up a Pentesting Lab on AWS
  • 2. Setting Up a Kali PentestBox on the Cloud
  • 3. Exploitation on the Cloud using Kali Linux
  • 4. Setting Up Your First EC2 Instances
  • 5. Penetration Testing of EC2 Instances using Kali Linux
  • 6. Elastic Block Stores and Snapshots - Retrieving Deleted Data
  • 7. Reconnaissance - Identifying Vulnerable S3 Buckets
  • 8. Exploiting Permissive S3 Buckets for Fun and Profit
  • 9. Identity Access Management on AWS
  • 10. Privilege Escalation of AWS Accounts Using Stolen Keys, Boto3, and Pacu
  • 11. Using Boto3 and Pacu to Maintain AWS Persistence
  • 12. Security and Pentesting of AWS Lambda
  • 13. Pentesting and Securing AWS RDS
  • 14. Targeting Other Services
  • 15. Pentesting CloudTrail
  • 16. GuardDuty
  • 17. Using Scout Suite for AWS Security Auditing
  • 18. Using Pacu for AWS Pentesting
  • 19. Putting it All Together - Real - World AWS Pentesting
  • Title: Hands-On AWS Penetration Testing with Kali Linux. Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and CloudFormation
  • Author: Karl Gilbert, Benjamin Caudill
  • Original title: Hands-On AWS Penetration Testing with Kali Linux. Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and CloudFormation
  • ISBN: 9781789139037, 9781789139037
  • Date of issue: 2019-04-30
  • Format: Ebook
  • Item ID: e_2au5
  • Publisher: Packt Publishing