From the course: Ethical Hacking: Enumeration
Join today to access over 24,800 courses taught by industry experts.
Enumerating cloud policies
From the course: Ethical Hacking: Enumeration
Enumerating cloud policies
- [Instructor] When we start Pen Testing AWS it's usually based on having a set of credentials. These may have been obtained from earlier testing as hard coded API core parameters or from finding the credentials after penetrating a system. Let's use the Amazon command line tool to look at enumerating policies using credentials that have stored in to profiles called scenario one and scenario two. These come from testing deployments, I've set up using the CloudGoat AWS test system. There's a reasonable amount of work involved in setting up a testing environment for AWS. So we won't do that here, but if you want to get hands on with AWS, then I'd suggest you hop over to my Pen Testing AWS with Python course and take a deeper dive into the cloud. With the scenario two access keys. Let's look at how we enumerate the overall cloud accounts. We can do a first check on an access key using the command aws sts get access…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.