AWS IAM Enumeration ft. KaliMax --- [Attacking & Defending AWS - TryHackMe - Part 20]

This is the final video in the "Attacking & Defending AWS" Pathway by TryHackMe! In this video, we are joined by my friend KaliMax for a walkthrough of the "AWS IAM Enumeration" module.

He covers the following:
- How IAM resource policies can be abused to identify valid IAM principals
- How to use open source tools to efficiently enumerate valid principals in a given AWS account
- How to footprint potential services, including security services, enabled for an account

Enjoy!
--------------
This content is intended for educational purposes only. All demonstrations and techniques shown are designed to teach ethical hacking and improve cybersecurity. Any use of the information provided in these videos is done at your own risk and should be used responsibly. Unauthorized hacking, illegal activities, or violations of privacy are not endorsed or encouraged. Always ensure you have proper authorization before attempting any security testing or hacking.
Comments

So at 07:47 he used his already established profile credentials. But the exercise supposedly said you should be able to get information if you aren't authenticated. When attempting to just look up with access key ID, AWS returns a non-authenticated message, which means the exercise doesn't work as intended.

drage

How were you able to tell that route53resolver was not enabled but the other services were?

MagVeTs