This week our topic is going to be AWS. Amazon Web Services (AWS) was the leading cloud service provider in Q3 2020, increasing its share of total spend from last quarter to 32%. Working with several local and global organizations using AWS, we keep learning more and more about the platform and enrich our knowledge to stay on top of the most recent learnings and insights.
Here’s a great group of tools and resources to learn from:
First up, we’ve got Offensive Terraform Modules - a collection of automated offensive attack modules defined as Infrastructure as Code (IaC). My favorite one is "Cross Account Persistence". For more information and new attack vectors, why not set up a virtual coffee date with our CTO and co-founder Or Azarzar?
Next up is Anatomy of AWS Lambda - Lambda internals are super important for offensive, defensive, and R&D purposes.
Then there’s serverless.com - Following recommendation No. 2, I personally believe that reading about a topic is not enough; you need to practice! Using the Serverless framework, it is super easy to develop a serverless architecture and better understand the Lambda internals. I dare you to develop a vulnerable architecture and share an exploitation tutorial with us. Are you up to the challenge?
And for now, the last one is aws-s3-virusscan - It can be especially useful for public buckets with improper R/W permissions.