IAM policies are how permissions are delegated to the users, roles, and groups in your account. They are simple JSON documents that specify what permissions are specifically allowed or denied, what resources those permissions can/can't be used on, and under what conditions those rules apply. We can use these to enforce fine-grained permissions models within our AWS environment.
Limit API actions and accessible resources with IAM policies
by Benjamin Caudill, Karl Gilbert
Hands-On AWS Penetration Testing with Kali Linux
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- Section 1: Kali Linux on AWS
- Setting Up a Pentesting Lab on AWS
- Setting Up a Kali PentestBox on the Cloud
- Exploitation on the Cloud using Kali Linux
- Section 2: Pentesting AWS Elastic Compute Cloud Configuring and Securing
- Setting Up Your First EC2 Instances
- Penetration Testing of EC2 Instances using Kali Linux
- Technical requirements
- Installing a vulnerable service on Windows
- Scanning and reconnaissance using Nmap
- Identifying and fingerprinting open ports and services using Nmap
- Performing an automated vulnerability assessment using Nexpose
- Using Metasploit for automated exploitation
- Using Meterpreter for privilege escalation, pivoting, and persistence
- Summary
- Further reading
- Elastic Block Stores and Snapshots - Retrieving Deleted Data
- Section 3: Pentesting AWS Simple Storage Service Configuring and Securing
- Reconnaissance - Identifying Vulnerable S3 Buckets
- Exploiting Permissive S3 Buckets for Fun and Profit
- Section 4: AWS Identity Access Management Configuring and Securing
- Identity Access Management on AWS
- Privilege Escalation of AWS Accounts Using Stolen Keys, Boto3, and Pacu
- Using Boto3 and Pacu to Maintain AWS Persistence
- Section 5: Penetration Testing on Other AWS Services
- Security and Pentesting of AWS Lambda
- Pentesting and Securing AWS RDS
- Targeting Other Services
- Section 6: Attacking AWS Logging and Security Services
- Pentesting CloudTrail
- GuardDuty
- Section 7: Leveraging AWS Pentesting Tools for Real-World Attacks
- Using Scout Suite for AWS Security Auditing
- Using Pacu for AWS Pentesting
- Pacu history
- Getting started with Pacu
- Pacu commands
- list/ls
- search [[cat]egory] <search term>
- help
- help <module name>
- whoami
- data
- services
- data <service>|proxy
- regions
- update_regions
- set_regions <region> [<region>...]
- run/exec <module name>
- set_keys
- swap_keys
- import_keys <profile name>|--all
- exit/quit/Ctrl + C
- aws <command>
- proxy <command>
- Creating a new module
- An introduction to PacuProxy
- Summary
- Putting it All Together - Real - World AWS Pentesting
- Other Books You May Enjoy
Limit API actions and accessible resources with IAM policies
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.