Pentesting Cloud Environment

Contains Methodology & To-do list while performing a Penetration Test against Cloud Environment


  1. AWS-PT, by Vengatesh.N
  2. AWS & Its Terminologies
     1. AWS
     2. VPC
     3. EC2 Instances
     4. AMI (Amazon Machine Image)
  3. AWS-Scenario
  4. AWS-Scenario
  5. AWS Pen-testing Methodology
     1. Testing SSH
     2. Scanning with tools
     3. Fingerprinting or Extracting Metadata
  6. Caution! To perform VAPT on AWS, prior permission is needed from the AWS team: https://aws.amazon.com/forms/penetration-testing-request
  7. Testing SSH
     1. Direct root access allowed or not
     2. Default username/password changed or not
     3. Login using .pem file or password
     4. Environment variables are accessible to the user or not
     5. Default port 22 is used or not
     6. Try to create a new user with password authentication
  8. Default SSH Credentials
  9. VPC Firewall-Rules Configuration
  10. Scanning with tools. To name a few:
     • Nessus
     • Nmap
     • Nexpose
     • OpenVAS
     • Qualys
  11. Nessus Compliance check
  12. Nexpose AWS Audit
  13. Whole Audit Process Explained
     • Auditing with Nessus: https://www.tenable.com/blog/nessus-amazon-aws-auditing-now-available
     • Auditing with Nexpose: http://www.esecforte.com/auditing-your-cloud-infrastructure-with-nexpose-enterprise/
  14. Extracting Metadata: extracting juicy information
     • Manual
     • Using the Nimbostratus tool
  15. Manual Method: use curl to access metadata. Metadata information will be available here:
     • curl http://publicIP/
     • http://publicIP/latest/
  16. Manual Method
  17. Using Nimbostratus: Nimbostratus can fingerprint and exploit AWS infrastructures. Features:
     • Dump permissions
     • Dump instance metadata
     • Create new user
     More: http://andresriancho.github.io/nimbostratus/
  18. Conclusion. Points to remember while securing AWS:
     • Different users for different tasks
     • Audit users and groups periodically
     • Security practices applicable for SSH or service
     Security Best Practices:
     • http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
     • http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
  19. References
     • http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.html
     • http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html
     • http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-tutorials.html
     • https://thoughtsandideas.files.wordpress.com/2012/05/step-2-2-amazon-ec2-instance1.png
     • https://www.youtube.com/watch?v=CaJCmoGIW24
     • http://unix.stackexchange.com/questions/82626/why-is-root-login-via-ssh-so-bad-that-everyone-advises-to-disable-it
     • https://www.blackhat.com/docs/us-14/materials/us-14-Riancho-Pivoting-In-Amazon-Clouds-WP.pdf
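
The "Testing SSH" checklist on slide 7 (root login, password versus .pem login, default port) can be checked from the server side by reading sshd_config. The script below is an added example, not part of the original deck; the function names and both sample configurations are constructed for illustration, and it assumes OpenSSH 7.0 or later defaults and does not follow Include files.

```python
# Added example: audit sshd_config text against the slide 7 SSH checks.
# Defaults below are OpenSSH's (7.0 or later) when a keyword is absent.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

def effective_settings(config_text):
    """Return (global settings, ports, has_match). sshd uses the FIRST value it reads."""
    settings, ports, has_match = {}, [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            has_match = True
            break  # everything after the first Match is conditional, not global
        if key == "port":
            ports.append(value)  # Port may appear several times; all are used
        else:
            settings.setdefault(key, value.lower())  # later duplicates are ignored
    for key, default in DEFAULTS.items():
        settings.setdefault(key, default)
    return settings, ports or ["22"], has_match

def audit(config_text):
    """Return a list of findings for the global section of an sshd_config."""
    settings, ports, has_match = effective_settings(config_text)
    findings = []
    if settings["permitrootlogin"] != "no":
        findings.append("direct root login allowed: PermitRootLogin " + settings["permitrootlogin"])
    if settings["passwordauthentication"] == "yes":
        findings.append("password login accepted; key-only (.pem) access not enforced")
    if "22" in ports:
        findings.append("sshd listens on default port 22")
    if has_match:
        findings.append("Match blocks present; review conditional overrides by hand")
    return findings

# Constructed samples, not taken from a real host.
WEAK = """Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
Match User deploy
    PasswordAuthentication no
"""
HARDENED = "Port 2222\nPermitRootLogin no\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```

In the WEAK sample the second PermitRootLogin line has no effect, because sshd keeps the first value it reads for a keyword; appending a hardened line to the end of a file is a common way to end up with a configuration that looks fixed but is not.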
