AWS Penetration Testing: Beginner's guide to hacking AWS with tools such as Kali Linux, Metasploit, and Nmap

330
English
1839216921
9781839216923
03 Dec

Get to grips with security assessment, vulnerability exploitation, workload security, and encryption with this guide to ethical hacking and learn to secure your AWS environment

Key Features

  • Perform cybersecurity events such as red or blue team activities and functional testing
  • Gain an overview and understanding of AWS penetration testing and security
  • Make the most of your AWS cloud infrastructure by learning about AWS fundamentals and exploring pentesting best practices

Book Description

Cloud security has always been treated as the highest priority by AWS while designing a robust cloud infrastructure. AWS has now extended its support to allow users and security experts to perform penetration tests on its environment. This has not only revealed a number of loopholes and brought vulnerable points in their existing system to the fore, but has also opened up opportunities for organizations to build a secure cloud environment. This book teaches you how to perform penetration tests in a controlled AWS environment.

You'll begin by performing security assessments of major AWS resources such as Amazon EC2 instances, Amazon S3, Amazon API Gateway, and AWS Lambda. Throughout the course of this book, you'll also learn about specific tests such as exploiting applications, testing permissions flaws, and discovering weak policies. Moving on, you'll discover how to establish private-cloud access through backdoor Lambda functions. As you advance, you'll explore the no-go areas where users can’t make changes due to vendor restrictions and find out how you can avoid being flagged to AWS in these cases. Finally, this book will take you through tips and tricks for securing your cloud environment in a professional way.

By the end of this penetration testing book, you'll have become well-versed in a variety of ethical hacking techniques for securing your AWS environment against modern cyber threats.

What you will learn

  • Set up your AWS account and get well-versed in various pentesting services
  • Delve into a variety of cloud pentesting tools and methodologies
  • Discover how to exploit vulnerabilities in both AWS and applications
  • Understand the legality of pentesting and learn how to stay in scope
  • Explore cloud pentesting best practices, tips, and tricks
  • Become competent at using tools such as Kali Linux, Metasploit, and Nmap
  • Get to grips with post-exploitation procedures and find out how to write pentesting reports

Who this book is for

If you are a network engineer, system administrator, or system operator looking to secure your AWS environment against external cyberattacks, then this book is for you. Ethical hackers, penetration testers, and security consultants who want to enhance their cloud security skills will also find this book useful. No prior experience in penetration testing is required; however, some understanding of cloud computing or AWS cloud is recommended.

Table of Contents

  1. Building Your AWS Environment
  2. Pentesting and Ethical Hacking
  3. Exploring Pentesting and AWS
  4. Exploiting S3 Buckets
  5. Understanding Vulnerable RDS Services
  6. Setting Up and Pentesting AWS Aurora RDS
  7. Assessing and Pentesting Lambda Services
  8. Assessing AWS API Gateway
  9. Real-Life Pentesting with Metasploit and More!
  10. Pentesting Best Practices
  11. Staying Out of Trouble
  12. Other Projects with AWS

Reviews (9)

Hardly relevant

Takes 108 pages to get to ACTUAL exploitation of AWS services. Everything up to that point is just intro to AWS, Nmap, and Metasploit. Then the rest of the book is mostly just exploiting normal old services hosted on EC2. Nothing about Cognito or Dynamo. Very little about IAM, Lambda, and API Gateway. I love books and the people who write them but this feels like a waste of $50.

Disappointment

Not a single dedicated section on IAM. Basically a low-skill pentesting book which happens to target AWS resources. No reference to well-known tooling such as pacu or Cloudmapper. I can see the effort for explaining pentesting and some concepts, but we're far from being able to call this AWS Pentesting.

One of the most approachable and easy to follow books on pentesting!

I love that the book is easy to follow to jump in and start testing. Jon does a great job of spelling out the approach of what you should think about, look for and then how to implement testing. As a person with blue-team roots who now is on the leadership side of security, this has made it easy to jump in and start testing on my own. I highly recommend this book to any security practitioner looking to gain knowledge in pentesting AWS environments.

The title of the book should have been "Intro to Penetration Testing"

Pros:
- Easy to read
- Good for beginners

Cons:
- It is hardly relevant to AWS pentesting. It talks about 90% of general (intro style) penetration testing approach and 10% of AWS features to consider when you do an AWS pentest (It doesn't really go deep either)
- The author talks more about how to approach when you do a pentest in general, not really AWS specific (That's why I think this book should have been titled as "Intro to Penetration Testing" or something else)
- Overpriced

sad

very sad

Great resource!

Great AWS pentesting resource.

Very basic

I expected more techniques in cloud environments

Amazing book

This is an awesome book to break into AWS pen testing.

Misrepresented text, out-of-date content

Like other reviewers, I was disappointed to find that this is just a basic "intro to pentesting" text with a bit of AWS added in on the side - nearly zero of this content is focused on AWS-specific vulnerabilities. Additionally, AWS has changed enough since the text's publication that the provided infrastructure setup instructions are now incomplete as written. Someone who's already technically proficient and experienced with AWS might not have trouble piecing things together, but someone who can do that likely won't find anything in this text particularly useful. tl;dr save your money
