intro to AWS PENTESTING (with Pacu)

  • Published 2 Jun 2024
  • In this video, you’re going to learn how to ethically hack AWS cloud environments that you have explicit permissions for so that you can find exploitable vulnerabilities in your own AWS accounts or for your clients as a pentester, before the threat actors do. I’m going to show you step-by-step how to use an open-source tool called Pacu which is used for AWS pentesting and ethical offensive security so that you can follow along with me.
    Policy shown in the video for you to copy/paste:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor1",
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": "arn:aws:s3:::cybr-pacu-lab-example"
        },
        {
          "Sid": "Statement1",
          "Effect": "Allow",
          "Action": [
            "iam:Get*",
            "iam:List*",
            "iam:Put*",
            "iam:AttachRolePolicy",
            "iam:SimulateCustomPolicy",
            "iam:SimulatePrincipalPolicy"
          ],
          "Resource": "*"
        }
      ]
    }
    💬 Chat with me
    Discord: cybr.com/discord
    Website: cybr.com
    LinkedIn: / christophelimpalair
    Twitter: / christophelimp
    🔗 Links mentioned in the video:
    - Pacu: github.com/RhinoSecurityLabs/...
    - AWS: aws.amazon.com/
    - 🧪 Cybr Hands-On Labs: cybr.com/labs
    🎓 Courses
    - Introduction to AWS Security: cybr.com/courses/introduction...
    - Injection Attacks The Free Guide: cybr.com/courses/injection-at...
    🚨 Disclaimer
    This video is strictly for educational purposes and to teach you how you can detect and mitigate this threat from your or your employer's AWS environments. Learning about ethical hacking and penetration testing is an important way of protecting ourselves against threat actors. Also, not all pentesting actions are allowed on the AWS platform as per the AWS ToS; however, what we demonstrate in this video is allowed and perfectly fine. For more details, refer to this page: aws.amazon.com/security/penet...
    ⏱ Timestamps:
    00:00 - 00:13 - Introduction
    00:14 - 00:31 - Disclaimer
    00:32 - 00:46 - About Pacu
    00:47 - 01:00 - AWS account setup
    01:01 - 01:39 - Installing Pacu
    01:40 - 02:16 - Running Pacu
    02:17 - 02:46 - About access keys
    02:47 - 03:09 - Use test environments!
    03:10 - 03:30 - Creating an AWS user
    03:31 - 04:14 - Creating user policies
    04:15 - 04:29 - Adding the policy to our user
    04:30 - 05:08 - Creating our access key
    05:09 - 05:45 - Adding the keys to Pacu
    05:46 - 06:24 - Pacu modules
    06:25 - 06:37 - run iam__enum_permissions
    06:38 - 07:00 - whoami
    07:01 - 08:04 - run iam__privesc_scan
    08:05 - 08:21 - Confirming admin permissions via Pacu
    08:22 - 08:34 - Confirming admin permissions via console
    08:35 - 09:36 - Detailed explanation of the vulnerability
    09:37 - 09:53 - Explanation of how Pacu pulled this off
    09:54 - 10:18 - Learning IAM is important!
    10:19 - 10:34 - Learn more about AWS security
    10:35 - 10:40 - More AWS Security courses coming!
    10:41 - 11:00 - Cybr Labs are coming!
    11:01 - 11:05 - Outro
    #awssecurity #cloudsecurity #cloudpentesting #pentesting #pentester #securityassessment #opensource #cybersecurity #aws
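An added example (my own code, not from the video, Cybr or Pacu) that audits the policy shown above from the defender's side: it expands the wildcard action patterns against a small, constructed list of IAM permission-management actions, reports which statement grants them, and produces a copy of the policy with those patterns removed. The list of risky actions is an assumption made for this example and is not exhaustive.

```python
import copy
import fnmatch

# The IAM policy shown in the video, reproduced here as the input to audit.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "VisualEditor1", "Effect": "Allow", "Action": "s3:*",
         "Resource": "arn:aws:s3:::cybr-pacu-lab-example"},
        {"Sid": "Statement1", "Effect": "Allow",
         "Action": ["iam:Get*", "iam:List*", "iam:Put*", "iam:AttachRolePolicy",
                    "iam:SimulateCustomPolicy", "iam:SimulatePrincipalPolicy"],
         "Resource": "*"},
    ],
}

# IAM write actions that let a principal grant new permissions (constructed list, not exhaustive).
PRIVESC_ACTIONS = {"iam:PutUserPolicy", "iam:PutGroupPolicy", "iam:PutRolePolicy",
                   "iam:AttachUserPolicy", "iam:AttachGroupPolicy", "iam:AttachRolePolicy",
                   "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion"}

def _actions(stmt):
    # "Action" may be a single string or a list of strings.
    return stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]

def _matches(pattern, action):
    # IAM matches action names case-insensitively; '*' and '?' are wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def _allow_statements(policy):
    return [s for s in policy.get("Statement", [])
            if s.get("Effect") == "Allow" and "Action" in s]

def find_privesc_grants(policy):
    """Map each Allow statement's Sid to the risky IAM actions it grants."""
    findings = {}
    for stmt in _allow_statements(policy):
        hits = {a for p in _actions(stmt) for a in PRIVESC_ACTIONS if _matches(p, a)}
        if hits:
            findings[stmt.get("Sid", "<no sid>")] = sorted(hits)
    return findings

def harden(policy):
    """Return a copy with risky action patterns dropped, plus what was dropped."""
    fixed, removed = copy.deepcopy(policy), []
    for stmt in _allow_statements(fixed):
        keep = [p for p in _actions(stmt) if not any(_matches(p, a) for a in PRIVESC_ACTIONS)]
        removed += [p for p in _actions(stmt) if p not in keep]
        stmt["Action"] = keep
    return fixed, sorted(removed)
```

On the policy from the video this flags "Statement1" for the actions covered by "iam:Put*" plus "iam:AttachRolePolicy", and the hardened copy keeps only the read-only and simulation actions.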

Comments • 20

  • @SagarChamling
    @SagarChamling 8 months ago +1

    Short and simple demonstration. Thanks.

  • @Mike-cp1tj
    @Mike-cp1tj several months ago +1

    Awesome, cleanly explained. Looking forward to a more realistic example; the IAM put* is definitely low-hanging fruit.

    • @Cybrcom
      @Cybrcom several months ago

      Thanks! I’m glad you liked this one!

  • @vicki-annthornton8330
    @vicki-annthornton8330 10 months ago +2

    Thanks, that was so easy to understand. Never had much to do with AWS or Pacu before and this made Pacu look quite easy to use.

    • @Cybrcom
      @Cybrcom 10 months ago

      It’s got a couple of quirks you need to figure out but once you do it’s straightforward!

  • @adedirangoodness3830
    @adedirangoodness3830 10 months ago +2

    Amazing video.
    Looking forward to the full course on AWS pentesting.

    • @Cybrcom
      @Cybrcom 10 months ago

      Thanks for the feedback! More on the way

    • @fredokereke9608
      @fredokereke9608 3 months ago +1

      @Cybrcom we need more pleaseeee

  • @-ISDF--PradeepC
    @-ISDF--PradeepC several months ago +1

    IAM GOING TO DO THIS FOR MY INTERNAL 3. THANKS BRO

  • @WeichenG.
    @WeichenG. 3 months ago +1

    Awesome video, great explanation as well, thanks.

    • @Cybrcom
      @Cybrcom 3 months ago

      Thanks! Glad you enjoyed it

  • @praveendevaraj7000
    @praveendevaraj7000 10 months ago +1

    Big fan ❤

  • @quanghuyang2822
    @quanghuyang2822 8 months ago

    Hi, I'm new to the world of security administration, and I was hoping to get some guidance from someone with your expertise. Do you have any advice on mapping out a career path in this area?

    • @Cybrcom
      @Cybrcom 8 months ago

      Hey, I'd recommend joining our community to ask that question as you may meet other security admins who could point you in the right direction! cybr.com/discord

  • @nah.4798
    @nah.4798 10 months ago

    So what exactly would be the risk here? A disgruntled employee being able to escalate their perms? It would be an internal hacker trying to break things rather than external?

    • @Cybrcom
      @Cybrcom 10 months ago

      This can be leveraged by external threat actors as well. I’ve got a video showing how being published next week. As an example, access keys can become compromised a few different ways, which then leads to what you saw in the video

    • @nah.4798
      @nah.4798 10 months ago

      @Cybrcom Nice one, thanks dude. Would love to see how we can use this tool to look at how external actors could threaten AWS infrastructure.

  • @haxguy0
    @haxguy0 10 months ago +1

    Thank you

    • @Cybrcom
      @Cybrcom 10 months ago

      ❤️

  • @i_am_dumb1070
    @i_am_dumb1070 9 months ago

    Thank you