Back to Course

Pentesting AWS Environments with Pacu, CloudGoat, and ChatGPT

0% Complete
0/0 Steps
  1. Introduction

    About the course and author
  2. About using CloudGoat, Pacu, and ChatGPT
  3. Who this course is for
  4. Important quick note on AWS resource pricing
  5. [LAB] Create a billing alert to avoid surprise bills
  6. We want your feedback
  7. Setting up our lab environment
    Read this before installing Pacu/CloudGoat!
  8. [DEMO] Pacu [Option #1] Install with pip [Recommended]
  9. [DEMO] Pacu [Option #2] Use with Docker
  10. [DEMO] CloudGoat [Option #1] Install with Git
  11. [DEMO] CloudGoat [Option #2] Running with Docker
  12. [DEMO] Configuring AWS access credentials for CloudGoat
  13. [DEMO] Configuring AWS access credentials
  14. Getting started with Pacu
    Pacu Quick Start Guide
  15. IAM Privilege Escalation by Misconfiguration (Small / Easy)
    Scenario overview
  16. [DEMO] Admin privilege escalation demonstration
  17. [DEMO] Cleaning up our lab environment
  18. Vulnerable Lambda (Small / Easy)
    Scenario overview
  19. [DEMO] Creating our lab environment
  20. [DEMO] Exploiting vulnerable Lambda functions for admin access
  21. [DEMO] Cleaning up our lab environment
  22. [Cheat Sheet] Solution steps (CLI)
  23. [LAB] [CTF] Lambda SQLi PrivEsc to Access Secret
  24. IAM Privilege Escalation by Rollback (Small / Easy)
    Scenario overview
  25. [DEMO] Exploiting IAM versions
  26. [DEMO] Cleaning up our lab environment
  27. [Cheat Sheet] Solution steps (CLI)
  28. [LAB] [CTF] PrivEsc via IAM Version Rollback
  29. Cloud Breach via S3 (Small / Moderate)
    Scenario walkthrough
  30. [LAB] [DEMO] Exploiting EC2 to reach S3
  31. Preventing this exploit
  32. Cleaning up our lab environment
  33. [Cheat Sheet] Solution steps (CLI)
  34. ECS Takeover (Medium / Moderate)
    Scenario walkthrough
  35. [DEMO] ECS RCE exploit to get credentials
  36. [DEMO] ECS Takeover
  37. [DEMO] Cleaning up our lab environment
  38. [Cheat Sheet] Solution steps (CLI)
  39. Wrap-up and Key Takeaways
    What's next?
  40. We want your feedback

In short: this course is for individuals who want to perform security assessments of AWS environments and resources, or who want to learn what to do once they’ve gained access to a set of limited AWS credentials or access.

This course includes a mixture of learning how to gain initial access and how to escalate privileges from existing access. There are more scenarios that lean on the privilege escalation path rather than gaining initial access, meaning that it is primarily about finding weaknesses and misconfigurations in AWS cloud environments that enable privilege escalation from limited credentials or from misconfigured services.

It is designed for those who want to test their own organization’s cloud security posture, or that of a client. That client or your organization has given you access to limited accounts or services that aren’t supposed to have elevated privileges, but you are going to exploit multiple different kinds of services and weaknesses to escalate privileges.

While there is one or two scenarios we’ll go through that show you how to exploit and gain access to credentials through misconfigurations, that’s not going to be the primary objective of this course and so if that’s what you’re expecting, then this is probably not for you. (We do plan on having a separate course that focuses more on gaining initial access since I know that’s an interest for many)

This course will teach you how to navigate the inner workings of AWS by exploiting multiple different services. It will teach you how to find weaknesses and misconfigurations in IAM through multiple different AWS services such as EC2, Lambda, ECS, etc… services commonly used by large and small companies around the world.

Many organizations quickly throw together IAM policies, run a couple of quick tests, and then think they’re good to go. This will show you why that’s not sufficient, and how badly written IAM policies or badly configured cloud instances and containers can be exploited to gain admin-level privileges through seemingly harmless configurations.

If this sounds interesting to you, then I’ll see you in the course!


Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.