AWS Penetration Testing: Implement various security strategies on AWS using tools such as Kali Linux, Metasploit, and Nmap

Helmus, Jonathan

Product Description

Get to grips with security assessment, vulnerability exploitation, workload security, and encryption with this guide to ethical hacking and learn to secure your AWS environment

Key Features

  • Perform cybersecurity events such as red or blue team activities and functional testing
  • Gain an overview and understanding of AWS penetration testing and security
  • Make the most of your AWS cloud infrastructure by learning about AWS fundamentals and exploring pentesting best practices

Book Description

Cloud security has always been treated as the highest priority by AWS while designing a robust cloud infrastructure. AWS has now extended its support to allow users and security experts to perform penetration tests on its environment. This has not only revealed a number of loopholes and brought vulnerable points in their existing system to the fore, but has also opened up opportunities for organizations to build a secure cloud environment. This book teaches you how to perform penetration tests in a controlled AWS environment.

You'll begin by performing security assessments of major AWS resources such as Amazon EC2 instances, Amazon S3, Amazon API Gateway, and AWS Lambda. Throughout the course of this book, you'll also learn about specific tests such as exploiting applications, compromising Identity and Access Management (IAM) keys, testing permissions flaws, and discovering weak policies. Moving on, you'll discover how to establish private-cloud access through backdoor Lambda functions. As you advance, you'll explore the no-go areas where users can't make changes due to vendor restrictions, and find out how you can avoid being flagged to AWS in these cases. Finally, this book will take you through tips and tricks for securing your cloud environment in a professional way.

By the end of this penetration testing book, you'll have become well-versed in a variety of ethical hacking techniques for securing your AWS environment against modern cyber threats.

What you will learn

  • Set up your AWS account and get well-versed in various pentesting services
  • Delve into a variety of cloud pentesting tools and methodologies
  • Discover how to exploit vulnerabilities in both AWS and applications
  • Understand the legality of pentesting and learn how to stay in scope
  • Explore cloud pentesting best practices, tips, and tricks
  • Become competent at using tools such as Kali Linux, Metasploit, and Nmap
  • Get to grips with post-exploitation procedures and find out how to write pentesting reports

Who this book is for

If you are a network engineer, system administrator, or system operator looking to secure your AWS environment against external cyberattacks, then this book is for you. Ethical hackers, penetration testers, and security consultants who want to enhance their cloud security skills will also find this book useful. No prior experience in penetration testing is required; however, some understanding of cloud computing or AWS cloud is recommended.

About the Author

Jonathan Helmus is a penetration tester and adjunct professor with over 10 years of experience in a mixture of engineering, information security, and information technology. He resides in Seattle, WA, and works for Nordstrom as a pentester, helping Nordstrom's clients and customers execute successful penetration tests and red team engagements. As an educator, he works with various universities by teaching and educating the next generation of cybersecurity professionals. Jon currently holds a master's degree in cybersecurity with a focus on ethical hacking and pentesting, and he holds the Offensive Security Certified Professional (OSCP) certification. Known in the hacker community as Moos1e, Jon can be found on Twitter at Moos1e_Moose.

Table of Contents

  1. Building Your AWS Environment
  2. Pentesting and Ethical Hacking
  3. Exploring Pentesting and AWS
  4. Exploiting S3 Buckets
  5. Understanding Vulnerable RDS Services
  6. Setting Up and Pentesting AWS Aurora RDS
  7. Assessing and Pentesting Lambda Services
  8. Assessing AWS API Gateway
  9. Real-Life Pentesting with Metasploit and More!
  10. Pentesting Best Practices
  11. Staying Out of Trouble
  12. Other Projects with AWS
