Yellowstone - Lamar Valley May 2022

Pen Testing AWS

This past weekend I spoke at BSides Nashville - Get outta my host and into my cloud: A primer for offensive operations in AWS.

Conducting offensive operations (Red Teaming or Pen Testing) in the cloud brings new challenges and opportunities. Most cloud-native operations don’t leverage Active Directory, so the race for Domain Admin won’t be as fruitful as it would be on-prem. However, several other techniques can be just as powerful. If you can pivot from the network/host plane into the cloud plane, you can find many new ways to move laterally, modify or disable security controls, and access data stores that would otherwise be out of reach.

This talk was similar to last year’s on Incident Response in AWS at BSides Atlanta. The intent was not to teach penetration testing or red teaming but instead to help spread cloud knowledge to those who do that daily.

This topic was semi-inspired by Seth Art’s blog post of self-discovery: Cloud penetration testing.

The talk wasn’t recorded, but you can find the slides here. As I wrote the talk and slides, I also started writing the blog post.

Lin-Manuel Miranda: “Why do I write like I’m about to be shot by Aaron Burr?”

Thirteen pages later, I realized I didn’t write a blog post but a white paper. I was going to post it over at PrimeHarbor, along with a post on how to get an AWS PenTest, but then Nick Jones penned an excellent blog post On AWS Penetration Testing.

Captain America saying “So you want to get a Pen Test”

Meanwhile, it seems like I wasn’t the only one inspired to do a talk on this topic. Bryce Kunz did a talk on Cloud Red Teaming at BSides Tampa earlier this month. At the same conference, Beau Bullock of Black Hills Infosec spoke on pentesting with epic artwork. Following Beau, Mike Felch of Black Hills also posted a deck for Welcome to the Jungle: Pentesting AWS.

My take on what you want out of an AWS pen-test is posted here. The whitepaper is here.