Hands-On AWS Penetration Testing with Kali Linux (e-book)

Author: Karl Gilbert

Publisher: Packt Publishing

Publication date: 2019-04-30

Word count: 506,000

Category: Imported books > Foreign-language original editions > Computers/Networking

Identify tools and techniques to secure and perform a penetration test on an AWS infrastructure using Kali Linux

Key Features

* Efficiently perform penetration testing techniques on your public cloud instances
* Learn not only to cover loopholes but also to automate security monitoring and alerting within your cloud-based deployment pipelines
* A step-by-step guide that will help you leverage the most widely used security platform to secure your AWS Cloud environment

Book Description

The cloud is taking over the IT industry. Any organization housing a large amount of data or a large infrastructure has started moving cloud-ward — and AWS rules the roost when it comes to cloud service providers, with its closest competitor having less than half of its market share. This highlights the importance of security on the cloud, especially on AWS. While a lot has been said (and written) about how cloud environments can be secured, performing external security assessments in the form of pentests on AWS is still seen as a dark art.

This book aims to help pentesters as well as seasoned system administrators with a hands-on approach to pentesting the various cloud services provided by Amazon through AWS using Kali Linux. To make things easier for novice pentesters, the book focuses on building a practice lab and refining penetration testing with Kali Linux on the cloud. This is helpful not only for beginners but also for pentesters who want to set up a pentesting environment in their private cloud, using Kali Linux to perform a white-box assessment of their own cloud resources. Besides this, there is a lot of in-depth coverage of the large variety of AWS services that are often overlooked during a pentest — from serverless infrastructure to automated deployment pipelines.

By the end of this book, you will be able to identify possible vulnerable areas efficiently and secure your AWS cloud environment.

What you will learn

* Familiarize yourself with and pentest the most common external-facing AWS services
* Audit your own infrastructure and identify flaws, weaknesses, and loopholes
* Demonstrate the process of lateral and vertical movement through a partially compromised AWS account
* Maintain stealth and persistence within a compromised AWS account
* Master a hands-on approach to pentesting
* Discover a number of automated tools to ease the process of continuously assessing and improving the security stance of an AWS infrastructure

Who this book is for

If you are a security analyst or a penetration tester and are interested in exploiting Cloud environments to reveal vulnerable areas and secure them, then this book is for you. A basic understanding of penetration testing, cloud computing, and its security concepts is mandatory.
Table of contents

About Packt

Why subscribe?

Packt.com

Contributors

About the authors

About the reviewers

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Reviews

Disclaimer

Section 1: Kali Linux on AWS

Setting Up a Pentesting Lab on AWS

Technical requirements

Setting up a vulnerable Ubuntu instance

Provisioning an Ubuntu EC2 instance

Installing a vulnerable service on Ubuntu

Setting up a vulnerable Windows instance

Provisioning a vulnerable Windows server instance

Configuring a vulnerable web application on Windows

Configuring security groups within the lab

Configuring security groups

Summary

Further reading

Setting Up a Kali PentestBox on the Cloud

Technical requirements

Setting up Kali Linux on AWS EC2

The Kali Linux AMI

Configuring the Kali Linux instance

Configuring OpenSSH for remote SSH access

Setting root and user passwords

Enabling root and password authentication on SSH

Setting up Guacamole for remote access

Hardening and installing prerequisites

Configuring Guacamole for SSH and RDP access

Summary

Questions

Further reading

Exploitation on the Cloud using Kali Linux

Technical requirements

Configuring and running Nessus

Installing Nessus on Kali

Configuring Nessus

Performing the first Nessus scan

Exploiting a vulnerable Linux VM

Understanding the Nessus scan for Linux

Exploitation on Linux

Exploiting a vulnerable Windows VM

Understanding the Nessus scan for Windows

Exploitation on Windows

Summary

Questions

Further reading

Section 2: Pentesting AWS Elastic Compute Cloud Configuring and Securing

Setting Up Your First EC2 Instances

Technical requirements

Setting Up Ubuntu on AWS EC2

The Ubuntu AMI

Configuring VPC settings

Storage types that are used in EC2 instances

Configuring firewall settings

Configuring EC2 authentication

Summary

Further reading

Penetration Testing of EC2 Instances using Kali Linux

Technical requirements

Installing a vulnerable service on Windows

Setting up a target machine behind the vulnerable Jenkins machine

Setting up Nexpose vulnerability scanner on our Kali machine

Scanning and reconnaissance using Nmap

Identifying and fingerprinting open ports and services using Nmap

Performing an automated vulnerability assessment using Nexpose

Using Metasploit for automated exploitation

Using Meterpreter for privilege escalation, pivoting, and persistence

Summary

Further reading

Elastic Block Stores and Snapshots - Retrieving Deleted Data

Technical requirements

EBS volume types and encryption

Creating, attaching, and detaching new EBS volumes from EC2 instances

Extracting deleted data from EBS volumes

Full disk encryption on EBS volumes

Creating an encrypted volume

Attaching and mounting an encrypted volume

Retrieving data from an encrypted volume

Summary

Further reading

Section 3: Pentesting AWS Simple Storage Service Configuring and Securing

Reconnaissance - Identifying Vulnerable S3 Buckets

Setting up your first S3 bucket

S3 permissions and the access API

ACPs/ACLs

Bucket policies

IAM user policies

Access policies

Creating a vulnerable S3 bucket

Summary

Further reading

Exploiting Permissive S3 Buckets for Fun and Profit

Extracting sensitive data from exposed S3 buckets

Injecting malicious code into S3 buckets

Backdooring S3 buckets for persistent access

Summary

Further reading

Section 4: AWS Identity Access Management Configuring and Securing

Identity Access Management on AWS

Creating IAM users, groups, roles, and associated privileges

Limit API actions and accessible resources with IAM policies

IAM policy structure

IAM policy purposes and usage

Using IAM access keys

Signing AWS API requests manually

Summary

Privilege Escalation of AWS Accounts Using Stolen Keys, Boto3, and Pacu

The importance of permissions enumeration

Using the boto3 library for reconnaissance

Our first Boto3 enumeration script

Saving the data

Adding some S3 enumeration

Dumping all the account information

A new script – IAM enumeration

Saving the data (again)

Permission enumeration with compromised AWS keys

Determining our level of access

Analysing policies attached to our user

An alternative method

Privilege escalation and gathering credentials using Pacu

Pacu – an open source AWS exploitation toolkit

Kali Linux detection bypass

The Pacu CLI

From enumeration to privilege escalation

Using our new administrator privileges

Summary

Using Boto3 and Pacu to Maintain AWS Persistence

Backdooring users

Multiple IAM user access keys

Do it with Pacu

Backdooring role trust relationships

IAM role trust policies

Finding a suitable target role

Adding our backdoor access

Confirming our access

Automating it with Pacu

Backdooring EC2 Security Groups

Using Lambda functions as persistent watchdogs

Automating credential exfiltration with Lambda

Using Pacu for the deployment of our backdoor

Other Lambda Pacu modules

Summary

Section 5: Penetration Testing on Other AWS Services

Security and Pentesting of AWS Lambda

Setting up a vulnerable Lambda function

Attacking Lambda functions with read access

Attacking Lambda functions with read and write access

Privilege escalation

Data exfiltration

Persistence

Staying stealthy

Pivoting into Virtual Private Clouds

Summary

Pentesting and Securing AWS RDS

Technical requirements

Setting up a vulnerable RDS instance

Connecting an RDS instance to WordPress on EC2

Identifying and enumerating exposed RDS instances using Nmap

Exploitation and data extraction from a vulnerable RDS instance

Summary

Further reading

Targeting Other Services

Route 53

Hosted zones

Domains

Resolvers

Simple Email Service (SES)

Phishing

Other attacks

Attacking all of CloudFormation

Parameters

Output values

Termination protection

Deleted stacks

Exports

Templates

Passed roles

Bonus – discovering the values of NoEcho parameters

Elastic Container Registry (ECR)

Summary

Section 6: Attacking AWS Logging and Security Services

Pentesting CloudTrail

More about CloudTrail

Setup, best practices, and auditing

Setup

Auditing

Reconnaissance

Bypassing logging

Unsupported CloudTrail services for attackers and defenders

Bypassing logging through cross-account methods

Enumerating users

Enumerating roles

Disrupting trails

Turning off logging

Deleting trails/S3 buckets

Minifying trails

Problems with disruption (and some partial solutions)

Summary

GuardDuty

An introduction to GuardDuty and its findings

Alerting about and reacting to GuardDuty findings

Bypassing GuardDuty

Bypassing everything with force

Bypassing everything with IP whitelisting

Bypassing EC2 instance credential exfiltration alerts

Bypassing operating system (PenTest) alerts

Other simple bypasses

Cryptocurrency

Behavior

ResourceConsumption

Stealth

Trojan

Others

Summary

Section 7: Leveraging AWS Pentesting Tools for Real-World Attacks

Using Scout Suite for AWS Security Auditing

Technical requirements

Setting up a vulnerable AWS infrastructure

A misconfigured EC2 instance

Creating a vulnerable S3 instance

Configuring and running Scout Suite

Setting up the tool

Running Scout Suite

Parsing the results of a Scout Suite scan

Using Scout Suite's rules

Summary

Using Pacu for AWS Pentesting

Pacu history

Getting started with Pacu

Pacu commands

list/ls

search [[cat]egory] <search term>

help

help <module name>

whoami

data

services

data <service>|proxy

regions

update_regions

set_regions <region> [<region>...]

run/exec <module name>

set_keys

swap_keys

import_keys <profile name>|--all

exit/quit/Ctrl + C

aws <command>

proxy <command>

Creating a new module

The API

session/get_active_session

get_proxy_settings

print/input

key_info

fetch_data

get_regions

install_dependencies

get_boto3_client/get_boto3_resource

Module structure and implementation

An introduction to PacuProxy

Summary

Putting it All Together - Real-World AWS Pentesting

Pentest kickoff

Scoping

AWS pentesting rules and guidelines

Credentials and client expectations

Setup

Unauthenticated reconnaissance

Authenticated reconnaissance plus permissions enumeration

Privilege escalation

Persistence

Post-exploitation

EC2 exploitation

Code review and analysis in Lambda

Getting past authentication in RDS

The authenticated side of S3

Auditing for compliance and best practices

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think
