Hacking Cloud Services Flashcards
1
Q
Cloud Vulnerability Scanners
A
trivy clair dagda twistlock sysdig
2
Q
Define S3
A
AWS Simple Storage Service
3
Q
S3 Enumeration
A
Check source code
Scanners (bucketkicker, S3Scanner, S3Inspector)
4
Q
AWS Enumerations
A
Account IDs Social Media Posting Roles Keys/Credentials Password Reuse Hosted Vulnerable Apps IM Role Misconfigurations
5
Q
AWS Pentesting Tools
A
PACU
CloudGoat 2
AWS_pwn
6
Q
AWS IAM Privilege Escalation Techniques
A
Create EC2 Instance with Existing Profile
Custom Permissions
Add yourself to new group