Get to grips with security assessment, vulnerability exploitation, workload security, and encryption with this guide to ethical hacking and learn to secure your AWS environment
Key Features
Perform cybersecurity events such as red or blue team activities and functional testing
Gain an overview and understanding of AWS penetration testing and security
Make the most of your AWS cloud infrastructure by learning about AWS fundamentals and exploring pentesting best practices

Book Description
Cloud security has always been treated as the highest priority by AWS while designing a robust cloud infrastructure. AWS has now extended its support to allow users and security experts to perform penetration tests on its environment. This has not only revealed a number of loopholes and brought vulnerable points in their existing system to the fore, but has also opened up opportunities for organizations to build a secure cloud environment. This book teaches you how to perform penetration tests in a controlled AWS environment.
You'll begin by performing security assessments of major AWS resources such as Amazon EC2 instances, Amazon S3, Amazon API Gateway, and AWS Lambda. Throughout the course of this book, you'll also learn about specific tests such as exploiting applications, testing permissions flaws, and discovering weak policies. Moving on, you'll discover how to establish private-cloud access through backdoor Lambda functions. As you advance, you'll explore the no-go areas where users can’t make changes due to vendor restrictions and find out how you can avoid being flagged to AWS in these cases. Finally, this book will take you through tips and tricks for securing your cloud environment in a professional way.
By the end of this penetration testing book, you'll have become well-versed in a variety of ethical hacking techniques for securing your AWS environment against modern cyber threats.
What you will learn
Set up your AWS account and get well-versed in various pentesting services
Delve into a variety of cloud pentesting tools and methodologies
Discover how to exploit vulnerabilities in both AWS and applications
Understand the legality of pentesting and learn how to stay in scope
Explore cloud pentesting best practices, tips, and tricks
Become competent at using tools such as Kali Linux, Metasploit, and Nmap
Get to grips with post-exploitation procedures and find out how to write pentesting reports

Who this book is for
If you are a network engineer, system administrator, or system operator looking to secure your AWS environment against external cyberattacks, then this book is for you. Ethical hackers, penetration testers, and security consultants who want to enhance their cloud security skills will also find this book useful. No prior experience in penetration testing is required; however, some understanding of cloud computing or AWS cloud is recommended.

Table of Contents
Building Your AWS Environment
Pentesting and Ethical Hacking
Exploring Pentesting and AWS
Exploiting S3 Buckets
Understanding Vulnerable RDS Services
Setting Up and Pentesting AWS Aurora RDS
Assessing and Pentesting Lambda Services
Assessing AWS API Gateway
Real-Life Pentesting with Metasploit and More!
Pentesting Best Practices
Staying Out of Trouble
Other Projects with AWS
Helmus writes a very helpful book for introducing an individual to the concepts behind penetration testing in an AWS environment. The book begins with some helpful introductory information about penetration testing and different techniques and tools. For anyone who has studied this topic before, they won't necessarily find anything earth-shattering in these sections. But, they are clear and succinct and could be a perfectly fine introduction to the topic for someone pivoting to penetration testing with any prior experience in IT, especially the cloud. Similarly, this is not an AWS fundamentals course. If someone is coming from a penetration testing background, this will not make them into an AWS expert. What the book does very well is help with hands-on experience of seeing and trying penetration testing techniques and tools on an active AWS lab, which can be set up for free following the directions in the book. The targets are not terribly sophisticated, but that's never the goal of an introductory explanation on these topics (I myself teach introductory penetration testing). They are effective in creating easily replicated examples for the techniques demonstrated in the book. Due to the nature of technology and writing hands-on about technology, some of the content is becoming outdated. This can't be helped and isn't a hit against the book, as it is not really something that can be changed. Just something readers should be aware of. Kali Linux updates quarterly. AWS changes parts of its interface from time to time. Python 2.7 was End of Life but still highly utilized. If any of this causes issues with following the book, do know that this is the case with almost all technology education material and it is the tenacity of the student to find solutions. But, unless you get a book or course right as it is released, you will run into this issue. To his credit in this way, Helmus does thoroughly explain steps and mindset for all of the tools and techniques utilized.
So, the reader should be able to follow the intention to make the few changes required here and there.