ahmad-ubaidillah/AWS Penetration Testing

AWS Penetration Testing

Purpose

Provide comprehensive techniques for penetration testing AWS cloud environments. Covers IAM enumeration, privilege escalation, SSRF to metadata endpoint, S3 bucket exploitation, Lambda code extraction, and persistence techniques for red team operations.

Inputs/Prerequisites

• AWS CLI configured with credentials
• Valid AWS credentials (even low-privilege)
• Understanding of AWS IAM model
• Python 3, boto3 library
• Tools: Pacu, Prowler, ScoutSuite, SkyArk

Outputs/Deliverables

• IAM privilege escalation paths
• Extracted credentials and secrets
• Compromised EC2/Lambda/S3 resources
• Persistence mechanisms
• Security audit findings

---

Essential Tools

| Tool | Purpose | Installation | |------|---------|--------------| | Pacu | AWS exploitation framework | git clone https://github.com/RhinoSecurityLabs/pacu | | SkyArk | Shadow Admin discovery | Import-Module .\SkyArk.ps1 | | Prowler | Security auditing | pip install prowler | | ScoutSuite | Multi-cloud auditing | pip install scoutsuite | | enumerate-iam | Permission enumeration | git clone https://github.com/andresriancho/enumerate-iam | | Principal Mapper | IAM analysis | pip install principalmapper |

---

Core Workflow

🧠 Knowledge Modules (Fractal Skills)

1. Step 1: Initial Enumeration

2. Step 2: IAM Enumeration

3. Step 3: Metadata SSRF (EC2)

4. Shadow Admin Permissions

5. Create Access Key for Another User

6. Attach Admin Policy

7. Add Inline Admin Policy

8. Lambda Privilege Escalation

9. Bucket Discovery

10. Bucket Enumeration

11. Public Bucket Search

12. Mount EBS Volume

13. Shadow Copy Attack (Windows DC)

14. Disable CloudTrail

15. Example 1: SSRF to Admin