19
AWS-PT By Vengatesh.N

Pentesting Cloud Environment

Embed Size (px)

Citation preview

Page 1: Pentesting Cloud Environment

AWS-PTByVengatesh.N

Page 2: Pentesting Cloud Environment

AWS & Its Terminologies1. AWS2. VPC3. Emc2 Instances4. AMI(Amazon Machine Image)

Page 3: Pentesting Cloud Environment

AWS-Scenario

Page 4: Pentesting Cloud Environment

AWS-Scenario

Page 5: Pentesting Cloud Environment

AWS Pen-testing Methodology1. Testing SSH2. Scanning with tools3. Finger Printing or Extracting Meta-Data

Page 6: Pentesting Cloud Environment

Caution..!!!!!!To perform VAPT on AWS, prior permission is needed from AWS teamhttps://aws.amazon.com/forms/penetration-testing-request

Page 7: Pentesting Cloud Environment

Testing SSH1. Direct root access allowed or not2. Default username password changed or not3. Login using. pem file or password4. Environment variables are accessible to the user or

not5. Default port 22 is used or not6. Try to create a new user with password authentication

Page 8: Pentesting Cloud Environment

Default SSH Credentials

Page 9: Pentesting Cloud Environment

VPC Firewall-Rules Configuration

Page 10: Pentesting Cloud Environment

Scanning with toolsTo name few: Nessus Nmap Nexpose OpenVAS Qualys

Page 11: Pentesting Cloud Environment

Nessus Compliance check

Page 12: Pentesting Cloud Environment

Nexpose AWS Audit

Page 13: Pentesting Cloud Environment

Whole Audit Process Explained Auditing with Nessus:https://www.tenable.com/blog/nessus-amazon-aws-auditing-now-availableAuditing With Nexpose:http://www.esecforte.com/auditing-your-cloud-infrastructure-with-nexpose-enterprise/

https://www.tenable.com/blog/nessus-amazon-aws-auditing-now-available
https://www.tenable.com/blog/nessus-amazon-aws-auditing-now-available
http://www.esecforte.com/auditing-your-cloud-infrastructure-with-nexpose-enterprise/
http://www.esecforte.com/auditing-your-cloud-infrastructure-with-nexpose-enterprise/
Page 14: Pentesting Cloud Environment

Extracting MetadataExtracting Juicy information Manual Using Nimbostratus Tool

Page 15: Pentesting Cloud Environment

Manual Method Use curl to access MetadataMetadata Information Will be available Here:curl http://publicIP/http:// publicIP /latest/

http://publicip/
http://169.254.169.254/latest/
http://publicip/
http://publicip/
http://publicip/
http://169.254.169.254/latest/
Page 16: Pentesting Cloud Environment

Manual Method

Page 17: Pentesting Cloud Environment

Using NimbostratusNimbostratus can fingerprint & Exploit AWS InfrastructuresFeatures: Dump permissions Dump instance meta-data Create new userMore: http://andresriancho.github.io/nimbostratus/

Page 18: Pentesting Cloud Environment

ConclusionPoints to Remember while Securing AWS:Different users for different tasksAudit users and groups periodicallySecurity Practices applicable for SSH or service Security Best Practices:http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Page 19: Pentesting Cloud Environment

Referenceshttp://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.htmlhttp://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.htmlhttp://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-tutorials.htmlhttps://thoughtsandideas.files.wordpress.com/2012/05/step-2-2-amazon-ec2-instance1.pnghttps://www.youtube.com/watch?v=CaJCmoGIW24http://unix.stackexchange.com/questions/82626/why-is-root-login-via-ssh-so-bad-that-everyone-advises-to-disable-ithttps://www.blackhat.com/docs/us-14/materials/us-14-Riancho-Pivoting-In-Amazon-Clouds-WP.pdf


PenTesting the Internal Network

PenTesting the Internal Network

Documents
WITH MOBILE PENTESTING

WITH MOBILE PENTESTING

Documents
Pentesting Android Apps Sneha Rajguru (@Sneharajguru) · Pentesting Android Apps Sneha Rajguru ... Pentesting Environment setup ... 11/17/2015 3:14:35 AM

Pentesting Android Apps Sneha Rajguru (@Sneharajguru) · Pentesting Android Apps Sneha Rajguru ... Pentesting Environment setup ... 11/17/2015 3:14:35 AM

Documents
Pentesting Android Apps

Pentesting Android Apps

Technology
Pentesting RESTful WebServices v1.0

Pentesting RESTful WebServices v1.0

Documents
Pentesting in IoT - wiki.elvis.science

Pentesting in IoT - wiki.elvis.science

Documents
Drones for Pentesting? · Drones for Pentesting? Sounds like fun, doesn’t it? Larry Pesce, Hackfest 2015

Drones for Pentesting? · Drones for Pentesting? Sounds like fun, doesn’t it? Larry Pesce, Hackfest 2015

Documents
Pentesting VOIP - BackTrack Linux

Pentesting VOIP - BackTrack Linux

Documents
BruCON 2015 - Pentesting ICS 101

BruCON 2015 - Pentesting ICS 101

Business
ThD - Pentesting Con BackTrack

ThD - Pentesting Con BackTrack

Documents
Pentesting web applications

Pentesting web applications

Technology
CLOUD COMPUTING SECURITY – PENTESTING THE CLOUD Diogenes S. De Jesus CEH, Security+

CLOUD COMPUTING SECURITY – PENTESTING THE CLOUD Diogenes S. De Jesus CEH, Security+

Documents
Pentesting iOS Applications

Pentesting iOS Applications

Technology
ThD - Pentesting Con BackTrack2

ThD - Pentesting Con BackTrack2

Documents
iOS Application Pentesting

iOS Application Pentesting

Internet
BSIDESLV Secret Pentesting Techniques

BSIDESLV Secret Pentesting Techniques

Documents
Making pentesting sexy ossams - BSidesQuebec2013

Making pentesting sexy ossams - BSidesQuebec2013

Technology
Episodio de pentesting

Episodio de pentesting

Technology
Goal Oriented Pentesting

Goal Oriented Pentesting

Documents
Pentesting With Burp Suite

Pentesting With Burp Suite

Documents
Pentesting for startups

Pentesting for startups

Technology
Pentesting iPhone Applications -PPT

Pentesting iPhone Applications -PPT

Documents
Android Hacking + Pentesting

Android Hacking + Pentesting

Education
Practical SAP Pentesting

Practical SAP Pentesting

Documents
Cloud environment setup

Cloud environment setup

Education
Practical pentesting of ERP’s and businessmedia.blackhat.com/us-13/US-13-Polyakov-Practical-Pentesting-of-ERPs... · ERPScan Pentesting Tool • ERPScan's Pentesting Tool is a freeware

Practical pentesting of ERP’s and businessmedia.blackhat.com/us-13/US-13-Polyakov-Practical-Pentesting-of-ERPs... · ERPScan Pentesting Tool • ERPScan's Pentesting Tool is a freeware

Documents
Andriod Pentesting and Malware Analysis

Andriod Pentesting and Malware Analysis

Education
Pentesting VOIP

Pentesting VOIP

Documents
Pentesting django and rails

Pentesting django and rails

Technology
Pentesting J2EE

Pentesting J2EE

Documents