Hacking Cloud Services Flashcards

1
Q

Cloud Vulnerability Scanners

A
trivy
clair
dagda
twistlock
sysdig
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Define S3

A

AWS Simple Storage Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

S3 Enumeration

A

Check source code

Scanners (bucketkicker, S3Scanner, S3Inspector)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

AWS Enumerations

A
Account IDs
Social Media Posting
Roles
Keys/Credentials
Password Reuse
Hosted Vulnerable Apps
IM Role Misconfigurations
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

AWS Pentesting Tools

A

PACU
CloudGoat 2
AWS_pwn

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

AWS IAM Privilege Escalation Techniques

A

Create EC2 Instance with Existing Profile
Custom Permissions
Add yourself to new group

How well did you know this?
1
Not at all
2
3
4
5
Perfectly