AWS Penetration Testing Review

What is AWS Penetration Testing?

AWS (Amazon Web Service) Penetration Testing can also be considered as one of the areas that pentester will invest in during Red Team Activities. The finding that might catch the eyes of the attacker would be AWS Privilege Access where the attacker can penetrate the system from low until full administrative privileges.

AWS Privileges Escalation penetrate

The vulnerabilities that been identified in AWS escalation penetrate which can be given the potential impact on each AWS system. The potential impact can be found listed below:

Policy version new creationDefault policy version to an updated version setupAccess key for new user creation Policy version new creation

If an attacker gain permission for an instance called iam: CreatePolicyVersion where the new IAM policy can be created that allow the attacker to configure their own custom permission in the AWS system.

For the attacker to successfully configure the new Policy Version, they will have to require the Default Policy Version permission to be executed. However, they have also configured “-set-as-default” within the new policy version.

Exploit Impact: The attacker will gain full administrator access into the AWS account.

Default policy version to an updated version setup

Read More: