Identify tools and techniques to secure and perform a penetration test on an AWS infrastructure using Kali Linux
Key Features
- Learn not only to cover loopholes but also to automate security monitoring and alerting within your cloud-based deployment pipelines
- Efficiently perform penetration testing techniques on your public cloud instances
- A step-by-step guide that will help you leverage the most widely used security platform to secure your AWS-cloud environment.
Book Description
The cloud is taking over the Information Technology industry. Any organization that is housing a large amount of data or infrastructure has started moving cloud-ward - and AWS rules the roost when it comes to Cloud Service providers with the closest competitor having less than half of its market share. This brings to light the importance of security on the cloud, especially on AWS. While a lot has been said (and written) about how cloud environments can be secured, performing external security assessments a la penetration tests on AWS still falls into the category of dark arts.
This book aims to help pentesters as well as seasoned system administrators with a hands-on approach to penetration testing of the various cloud services provided by Amazon through AWS using Kali Linux. To make things easier for novice penetration testers, the book focuses on building a practice lab and polishing penetration testing with Kali Linux on the cloud. This is not only helpful for beginners but also for a pentester who would want to set up a pentesting environment in his private cloud, using Kali Linux, to perform a white-box assessment of his own cloud resources. Besides this, there is a lot of in-depth coverage of the large variety of AWS services that are often overlooked during a pentest - from serverless to automated deployment pipelines.
By the end of this book, you will be able to identify possible vulnerable areas and efficiently secure your AWS cloud environment.
What you will learn
- Guide a penetration tester through the process of enumerating and pentesting the most common external-facing AWS services.
- Guide a system administrator through the process of auditing his own infrastructure and identifying flaws, weaknesses, and loopholes.
- Demonstrate the process of lateral and vertical movement through a partially compromised AWS account.
- Demonstrate the process of maintaining stealth and persistence within a compromised AWS account.
- Provide a hands-on approach accompanied by process-based examples for all of the above.
- Highlight a number of automated tools that would ease the process of continuously assessing and improving the security stance of an AWS infrastructure.
Who This Book Is For
If you are a security analyst or a penetration tester who is interested in exploiting cloud environments to find vulnerable areas and securing them, then this book is for you.
A basic understanding of penetration testing, cloud computing, and its security concepts would be needed.
Karl Gilbert is a security researcher who has contributed to the security of some widely used open-source software. His primary interests relate to vulnerability research, 0-days, cloud security, secure DevOps, and CI/CD.
Mr. Benjamin Caudill is an adept penetration tester, security researcher, and entrepreneur. A veteran of the defense and finance industries, Mr. Caudill led red teams across a wide range of environments and technologies, uncovering vulnerabilities in key applications and cloud environments. As a security researcher, Mr. Caudill has led dozens of development and exploitation projects, furthering the state of offensive research in the industry. His many publications and tools have been featured on CNN, Wired, Washington Post, and other major outlets.
As the founder of Rhino Security Labs, Mr. Caudill has built the boutique security firm and turned it into a major player in the penetration testing market. In addition to his executive role, Mr. Caudill oversees company research and development, ensuring the continued development of key offensive technologies.