About Packt
Why subscribe?
Packt.com
Contributors
About the authors
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Section 1: Kali Linux on AWS
Setting Up a Pentesting Lab on AWS
Technical requirements
Setting up a vulnerable Ubuntu instance
Provisioning an Ubuntu EC2 instance
Installing a vulnerable service on Ubuntu
Setting up a vulnerable Windows instance
Provisioning a vulnerable Windows server instance
Configuring a vulnerable web application on Windows
Configuring security groups within the lab
Configuring security groups
Summary
Further reading
Setting Up a Kali PentestBox on the Cloud
Technical requirements
Setting up Kali Linux on AWS EC2
The Kali Linux AMI
Configuring the Kali Linux instance
Configuring OpenSSH for remote SSH access
Setting root and user passwords
Enabling root and password authentication on SSH
Setting up Guacamole for remote access
Hardening and installing prerequisites
Configuring Guacamole for SSH and RDP access
Summary
Questions
Further reading
Exploitation on the Cloud using Kali Linux
Technical requirements
Configuring and running Nessus
Installing Nessus on Kali
Configuring Nessus
Performing the first Nessus scan
Exploiting a vulnerable Linux VM
Understanding the Nessus scan for Linux
Exploitation on Linux
Exploiting a vulnerable Windows VM
Understanding the Nessus scan for Windows
Exploitation on Windows
Summary
Questions
Further reading
Section 2: Pentesting AWS Elastic Compute Cloud Configuring and Securing
Setting Up Your First EC2 Instances
Technical requirements
Setting Up Ubuntu on AWS EC2
The Ubuntu AMI
Configuring VPC settings
Storage types that are used in EC2 instances
Configuring firewall settings
Configuring EC2 authentication
Summary
Further reading
Penetration Testing of EC2 Instances using Kali Linux
Technical requirements
Installing a vulnerable service on Windows
Setting up a target machine behind the vulnerable Jenkins machine
Setting up Nexpose vulnerability scanner on our Kali machine
Scanning and reconnaissance using Nmap
Identifying and fingerprinting open ports and services using Nmap
Performing an automated vulnerability assessment using Nexpose
Using Metasploit for automated exploitation
Using Meterpreter for privilege escalation, pivoting, and persistence
Summary
Further reading
Elastic Block Stores and Snapshots - Retrieving Deleted Data
Technical requirements
EBS volume types and encryption
Creating, attaching, and detaching new EBS volumes from EC2 instances
Extracting deleted data from EBS volumes
Full disk encryption on EBS volumes
Creating an encrypted volume
Attaching and mounting an encrypted volume
Retrieving data from an encrypted volume
Summary
Further reading
Section 3: Pentesting AWS Simple Storage Service Configuring and Securing
Reconnaissance - Identifying Vulnerable S3 Buckets
Setting up your first S3 bucket
S3 permissions and the access API
ACPs/ACLs
Bucket policies
IAM user policies
Access policies
Creating a vulnerable S3 bucket
Summary
Further reading
Exploiting Permissive S3 Buckets for Fun and Profit
Extracting sensitive data from exposed S3 buckets
Injecting malicious code into S3 buckets
Backdooring S3 buckets for persistent access
Summary
Further reading
Section 4: AWS Identity Access Management Configuring and Securing
Identity Access Management on AWS
Creating IAM users, groups, roles, and associated privileges
Limit API actions and accessible resources with IAM policies
IAM policy structure
IAM policy purposes and usage
Using IAM access keys
Signing AWS API requests manually
Summary
Privilege Escalation of AWS Accounts Using Stolen Keys, Boto3, and Pacu
The importance of permissions enumeration
Using the boto3 library for reconnaissance
Our first Boto3 enumeration script
Saving the data
Adding some S3 enumeration
Dumping all the account information
A new script – IAM enumeration
Saving the data (again)
Permission enumeration with compromised AWS keys
Determining our level of access
Analysing policies attached to our user
An alternative method
Privilege escalation and gathering credentials using Pacu
Pacu – an open source AWS exploitation toolkit
Kali Linux detection bypass
The Pacu CLI
From enumeration to privilege escalation
Using our new administrator privileges
Summary
Using Boto3 and Pacu to Maintain AWS Persistence
Backdooring users
Multiple IAM user access keys
Do it with Pacu
Backdooring role trust relationships
IAM role trust policies
Finding a suitable target role
Adding our backdoor access
Confirming our access
Automating it with Pacu
Backdooring EC2 Security Groups
Using Lambda functions as persistent watchdogs
Automating credential exfiltration with Lambda
Using Pacu for the deployment of our backdoor
Other Lambda Pacu modules
Summary
Section 5: Penetration Testing on Other AWS Services
Security and Pentesting of AWS Lambda
Setting up a vulnerable Lambda function
Attacking Lambda functions with read access
Attacking Lambda functions with read and write access
Privilege escalation
Data exfiltration
Persistence
Staying stealthy
Pivoting into Virtual Private Clouds
Summary
Pentesting and Securing AWS RDS
Technical requirements
Setting up a vulnerable RDS instance
Connecting an RDS instance to WordPress on EC2
Identifying and enumerating exposed RDS instances using Nmap
Exploitation and data extraction from a vulnerable RDS instance
Summary
Further reading
Targeting Other Services
Route 53
Hosted zones
Domains
Resolvers
Simple Email Service (SES)
Phishing
Other attacks
Attacking all of CloudFormation
Parameters
Output values
Termination protection
Deleted stacks
Exports
Templates
Passed roles
Bonus – discovering the values of NoEcho parameters
Elastic Container Registry (ECR)
Summary
Section 6: Attacking AWS Logging and Security Services
Pentesting CloudTrail
More about CloudTrail
Setup, best practices, and auditing
Setup
Auditing
Reconnaissance
Bypassing logging
Unsupported CloudTrail services for attackers and defenders
Bypassing logging through cross-account methods
Enumerating users
Enumerating roles
Disrupting trails
Turning off logging
Deleting trails/S3 buckets
Minifying trails
Problems with disruption (and some partial solutions)
Summary
GuardDuty
An introduction to GuardDuty and its findings
Alerting about and reacting to GuardDuty findings
Bypassing GuardDuty
Bypassing everything with force
Bypassing everything with IP whitelisting
Bypassing EC2 instance credential exfiltration alerts
Bypassing operating system (PenTest) alerts
Other simple bypasses
Cryptocurrency
Behavior
ResourceConsumption
Stealth
Trojan
Others
Summary
Section 7: Leveraging AWS Pentesting Tools for Real-World Attacks
Using Scout Suite for AWS Security Auditing
Technical requirements
Setting up a vulnerable AWS infrastructure
A misconfigured EC2 instance
Creating a vulnerable S3 instance
Configuring and running Scout Suite
Setting up the tool
Running Scout Suite
Parsing the results of a Scout Suite scan
Using Scout Suite's rules
Summary
Using Pacu for AWS Pentesting
Pacu history
Getting started with Pacu
Pacu commands
list/ls
search [[cat]egory] <search term>
help
help <module name>
whoami
data
services
data <service>|proxy
regions
update_regions
set_regions <region> [<region>...]
run/exec <module name>
set_keys
swap_keys
import_keys <profile name>|--all
exit/quit/Ctrl + C
aws <command>
proxy <command>
Creating a new module
The API
session/get_active_session
get_proxy_settings
print/input
key_info
fetch_data
get_regions
install_dependencies
get_boto3_client/get_boto3_resource
Module structure and implementation
An introduction to PacuProxy
Summary
Putting it All Together - Real-World AWS Pentesting
Pentest kickoff
Scoping
AWS pentesting rules and guidelines
Credentials and client expectations
Setup
Unauthenticated reconnaissance
Authenticated reconnaissance plus permissions enumeration
Privilege escalation
Persistence
Post-exploitation
EC2 exploitation
Code review and analysis in Lambda
Getting past authentication in RDS
The authenticated side of S3
Auditing for compliance and best practices
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think