Cover -- Title Page -- Copyright and Credits -- About Packt -- Contributors -- Table of Contents -- Preface -- Section 1: Setting Up AWS and Pentesting Environments -- Chapter 1: Building Your AWS Environment -- Technical requirements -- Exploring Amazon Web Services (AWS) -- AWS security and penetration testing -- Understanding our testing environment -- Configuring your environment -- Setting up an account -- Setting up EC2 instances -- Setting up an EC2 instance with CentOS -- Setting up a Windows host -- Attacker setup -- setting up a Kali instance -- Connecting with PuTTY
Exploring vulnerable services -- Discovering vulnerable services -- Creating vulnerable services -- Attacking vulnerabilities -- Exploring Metasploit -- The AWS Command Line Interface (CLI) -- Installing the AWS CLI -- Exploring basic AWS CLI commands -- Summary -- Further reading -- Chapter 2: Pentesting and Ethical Hacking -- Technical requirements -- What is penetration testing? -- Finding critical issues before the bad guys do -- Pentesting methodology -- Types of pentesting -- Advantages and disadvantages -- Kali Linux -- Setting up a Linux image -- Exploring essential Linux commands -- NMAP
AWS Inspector -- Metasploit -- Scripting -- Operating systems -- Linux/Unix -- Linux file permissions -- sudo -- Windows -- GUI -- Summary -- Further reading -- Section 2: Pentesting the Cloud -- Exploiting AWS -- Chapter 3: Exploring Pentesting and AWS -- Technical requirements -- Exploring reconnaissance -- Driving enumeration for recon -- Harvesting email addresses -- The WHOIS command -- Netcraft -- Enumerating and understanding AWS services -- S3 buckets and discovering open buckets with web apps -- Lambda -- EC2 instances -- Scanning and examining targets for reconnaissance -- Metasploit
Nmap -- LambdaGuard -- S3 scanning -- Knowing the attacker -- Creating attack paths -- Organic attack paths -- Goal-based attack paths -- AWS attack paths -- Pentesting attack paths -- Red teaming for businesses -- Diving into the attacker mindset -- Discovering SSH keys -- How the keys work -- Good hygiene -- Scanning and connecting to AWS -- Scanning with Nmap -- Starting Metasploit -- TCP scanning with Metasploit -- ACK scanning with Metasploit -- RDP scanning with Metasploit -- Connecting with Kali -- Connecting with Windows -- Learning from experience -- Summary -- Further reading
Chapter 4: Exploiting S3 Buckets -- Technical requirements -- AWS Regions and Availability Zones -- Availability Zones -- Connecting and manipulating S3 buckets -- Understanding S3 buckets -- Using S3 buckets -- S3 buckets -- Quick detour -- making IAM users -- Copying and uploading to S3 -- Bucket policies and ACLs -- Public bucket policies -- Understanding policy attributes -- Writing bucket policies for policy bypassing -- Public buckets -- Bucket misconfigurations -- Scripts to find private buckets -- Python scripting -- Bash scripting -- Goal-based pentesting scenarios
