aws-penetration-testing

# AWS Penetration Testing ## Purpose Provide comprehensive techniques for penetration testing AWS cloud environments. Covers IAM enumeration, privilege escalation, SSRF to metadata endpoint, S3 bucket exploitation, Lambda code extraction, and persistence techniques for red team operations. ## Inputs/Prerequisites - AWS CLI configured with credentials - Valid AWS credentials (even low-privilege) - Understanding of AWS IAM model - Python 3, boto3 library - Tools: Pacu, Prowler, ScoutSuite, SkyArk ## Outputs/Deliverables - IAM privilege escalation paths - Extracted credentials and secrets - Compromised EC2/Lambda/S3 resources - Persistence mechanisms - Security audit findings --- ## Essential Tools | Tool | Purpose | Installation | |------|---------|--------------| | Pacu | AWS exploitation framework | `git clone https://github.com/RhinoSecurityLabs/pacu` | | SkyArk | Shadow Admin discovery | `Import-Module .\SkyArk.ps1` | | Prowler | Security auditing | `pip install prowler` | | ScoutSuite | Multi-cloud auditing | `pip install scoutsuite` | | enumerate-iam | Permission enumeration | `git clone https://github.com/andresriancho/enumerate-iam` | | Principal Mapper | IAM analysis | `pip install principalmapper` | --- ## Core Workflow ### Step 1: Initial Enumeration Identify the compromised identity and permissions: ```bash # Check current identity aws sts get-caller-identity # Configure profile aws configure --profile compromised # List access keys aws iam list-acce...