This talk is an introduction to cloud penetration testing on AWS, tailored for those familiar with traditional web and network penetration testing. It highlights critical areas and potential pitfalls in AWS security, using practical attack scenarios to illustrate key concepts. The discussion covers common vulnerabilities like leaky S3 buckets and misconfigured resource-based policies, emphasizing the importance of securing IAM users and roles. It also touches on tools like Aussie for resource discovery and the significance of CloudTrail logs for both attackers and defenders, including tips on evading detection. The presenter recommends “The Cloud Goat” website for more in-depth AWS penetration testing techniques.
Cloud Penetration Testing for Traditional Hackers | Nick Frichette
