Pentesting AWS Environments with Pacu, CloudGoat, and ChatGPT
-
Introduction
About the course and author -
About using CloudGoat, Pacu, and ChatGPT
-
Who this course is for
-
Important quick note on AWS resource pricing
-
[LAB] Create a billing alert to avoid surprise bills
-
We want your feedback
-
Setting up our lab environmentRead this before installing Pacu/CloudGoat!
-
[DEMO] CloudGoat [Option #1] Install with pipx
-
[DEMO] CloudGoat Running with Docker
-
[DEMO] Pacu [Option #1] Install with pipx [Recommended]
-
[DEMO] Pacu [Option #2] Use with Docker
-
[DEMO] Configuring AWS access credentials for CloudGoat
-
[DEMO] Configuring AWS access credentials
-
Getting started with PacuPacu Quick Start Guide
-
IAM Privilege Escalation by Misconfiguration (Small / Easy)Scenario overview
-
[DEMO] Admin privilege escalation demonstration
-
[DEMO] Cleaning up our lab environment
-
Vulnerable Lambda (Small / Easy)Scenario overview
-
[DEMO] Creating our lab environment
-
[DEMO] Exploiting vulnerable Lambda functions for admin access
-
[DEMO] Cleaning up our lab environment
-
[Cheat Sheet] Solution steps (CLI)
-
[LAB] [CTF] Lambda SQLi PrivEsc to Access Secret
-
IAM Privilege Escalation by Rollback (Small / Easy)Scenario overview
-
[DEMO] Exploiting IAM versions
-
[DEMO] Cleaning up our lab environment
-
[Cheat Sheet] Solution steps (CLI)
-
[LAB] [CTF] PrivEsc via IAM Version Rollback
-
Cloud Breach via S3 (Small / Moderate)Scenario walkthrough
-
[LAB] [DEMO] Exploiting EC2 to reach S3
-
Preventing this exploit
-
Cleaning up our lab environment
-
[Cheat Sheet] Solution steps (CLI)
-
IMDSv2 Compromise (SMALL / MODERATE)Scenario walkthrough
-
[LAB] Compromise EC2 IMDSv2 with RCE
-
[Cheat Sheet] Solutions Steps (CLI)
-
ECS Takeover (Medium / Moderate)Scenario walkthrough
-
[DEMO] ECS RCE exploit to get credentials
-
[DEMO] ECS Takeover
-
[DEMO] Cleaning up our lab environment
-
[Cheat Sheet] Solution steps (CLI)
-
Wrap-up and Key TakeawaysWhat's next?
-
We want your feedback
Important quick note on AWS resource pricing
Christophe September 4, 2023
Before you get started and follow along, it’s important to understand that you may accrue some costs. The resources we’re exploiting in this course are real resources, and — especially if you’re not on the free AWS tier with a new account — you will get charged for some of those resources.
I did my best to highlight these resources and costs in each of the sections in the “Scenario Overview” lessons, so if you’re trying to only go through the free labs, please check those lessons before getting started.
We also provide and will provide 🧪 Cybr Hands-On Labs that you can deploy to avoid getting charged and to use our environments instead. However, we won’t be able to provide Cybr Hands-On Labs for all CloudGoat scenarios. Given how vulnerable some of these scenarios are, we don’t have a way of providing them without compromising our own lab platform or without watering them down too much which would defeat the purpose.
But, as long as you don’t forget to turn off any resources after you’re done with a lab environment or if you plan on stepping away for a few hours or days, then each lab will cost you far less than $5. With that said, we are not responsible for any costs you accrue going through this course. If you’re worried about this, don’t forget to set up billing alarms (I will show you how in the next lesson).
Responses