AWS Cloud Pentesting

A number of people have recently asked me about penetration testing in the cloud, specifically AWS. It turns out this is a fairly well-explored area, and there are a ton of great resources. For starters, AWS offers two online classes focused on security: a fundamentals course and an intermediate course. This year there was also an entire security track at the AWS re:Invent conference. AWS also has its own Inspector tool, which allows customers to scan their environment for common misconfigurations. Then there are the "Trusted Advisor" guides as well; however, these guides are not as strong as the open source alternatives, in my opinion.

One resource that is super cool, and really the point of this post, is the AWS-focused wargame that Summit Route / Climbdown recently put out, which teaches AWS pentesting. This excellent 6-level "CTF" is the first I've seen that actually teaches how to pentest and pivot through an AWS platform environment. I highly recommend it to those looking to learn how to pentest an AWS environment. They also share two of their favorite AWS security videos in their post, so I wanted to share some of my favorite AWS security videos below.

I also want to remind readers that there are some excellent tools out for AWS now, as my cheatsheet no longer does it justice. I need to highlight some of the amazing open source tools for finding security misconfigurations in AWS, such as Scout2, Security Monkey, and many others. There are also services that scan AWS, like EvidentIO, or Dome9 for scanning other cloud environments. There are even similar tools for scanning Google Cloud Platform environments, such as gcp-audit. Finally, there are some novel tools for AWS post-exploitation / persistence techniques out now, which are taking the whole thing to the next level. To counter these new offensive techniques, there are similar automated security response techniques.

The following are some of my favorite recent AWS security presentations: