Exploiting Public AWS Resources: A Security Workshop at AWS Community Day Romania


Learn how to step into an attacker’s shoes and exploit public AWS resources in this hands-on workshop led by Eduard Agavriloae and Lucian P. at AWS Community Day Romania. The workshop covers vulnerable AWS services, misconfigurations, and real-world exploitation techniques.

Workshop Details:

  • Date: April 11, 2024
  • Price: Free with conference ticket ($24)
  • Registration: Limited seats (10 left) – Register Here

You Should Know:

#### **1. Identifying Public AWS Resources**

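Use the AWS CLI to check whether a bucket allows anonymous listing. An unsigned request cannot enumerate buckets, so a bucket name is required:

aws s3 ls s3://exposed-bucket/ --no-sign-request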

Check for open security groups:

aws ec2 describe-security-groups --filters "Name=ip-permission.cidr,Values=0.0.0.0/0" --query "SecurityGroups[*].{Name:GroupName,ID:GroupId}"

#### **2. Exploiting Misconfigured S3 Buckets**

If a bucket allows public write access, upload a malicious file:

aws s3 cp exploit.sh s3://vulnerable-bucket/ --no-sign-request

Download sensitive data if public read is enabled:

aws s3 sync s3://exposed-bucket/ ./local-dir --no-sign-request

#### **3. Scanning for Open RDS & Lambda Functions**

List publicly accessible RDS instances:

aws rds describe-db-instances --query "DBInstances[?PubliclyAccessible].{ID:DBInstanceIdentifier,Address:Endpoint.Address}"

Check Lambda function policies for public invocation:

aws lambda get-policy --function-name vulnerable-function
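
To audit the result of that policy check on functions you own, the sketch below (an added example, not part of the original post or the workshop material) parses `aws lambda get-policy` output and returns the statements that any principal can use. The sample policy is constructed, and treating `aws:SourceArn`, `aws:SourceAccount` and `aws:PrincipalOrgID` as the only scoping condition keys is a simplifying assumption.

```python
import json

# Condition keys that pin a wildcard principal to a known caller (assumed set).
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount", "aws:principalorgid"}

def _is_wildcard(principal):
    """True for "*" or {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def _is_scoped(condition):
    """True if any condition block uses a key that names the caller."""
    return any(key.lower() in SCOPING_KEYS
               for operands in condition.values() for key in operands)

def public_statements(get_policy_output):
    """Return Sids of Allow statements usable by any principal.
    Input is the JSON printed by `aws lambda get-policy`; its "Policy"
    field is itself a JSON-encoded string, so it is decoded twice.
    """
    policy = json.loads(json.loads(get_policy_output)["Policy"])
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # single-statement form
        statements = [statements]
    return [s.get("Sid", f"statement-{i}") for i, s in enumerate(statements)
            if s.get("Effect") == "Allow" and _is_wildcard(s.get("Principal"))
            and not _is_scoped(s.get("Condition", {}))]

# Constructed sample output, not taken from a real account.
ARN = "arn:aws:lambda:us-east-1:123456789012:function:vulnerable-function"
SAMPLE = json.dumps({"RevisionId": "constructed", "Policy": json.dumps({
    "Version": "2012-10-17", "Statement": [
        {"Sid": "open-invoke", "Effect": "Allow", "Principal": "*",
         "Action": "lambda:InvokeFunction", "Resource": ARN},
        {"Sid": "url-no-auth", "Effect": "Allow", "Principal": "*",
         "Action": "lambda:InvokeFunctionUrl", "Resource": ARN,
         "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}}},
        {"Sid": "org-only", "Effect": "Allow", "Principal": "*",
         "Action": "lambda:InvokeFunction", "Resource": ARN,
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-constructed"}}},
        {"Sid": "s3-trigger", "Effect": "Allow",
         "Principal": {"Service": "s3.amazonaws.com"},
         "Action": "lambda:InvokeFunction", "Resource": ARN}]})})

print(public_statements(SAMPLE))  # ['open-invoke', 'url-no-auth']
```

The `url-no-auth` statement is reported even though it carries a condition, because `lambda:FunctionUrlAuthType` set to `NONE` does not restrict who may call the function URL.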

#### **4. Privilege Escalation via IAM Misconfigurations**

List IAM policies with overly permissive actions:

aws iam list-policies --query "Policies[?contains(PolicyName,'Admin') || contains(PolicyName,'FullAccess')].{Name:PolicyName,Arn:Arn}"

Exploit weak IAM roles:

aws sts assume-role --role-arn arn:aws:iam::123456789012:role/OverprivilegedRole --role-session-name ExploitSession

#### **5. Automating Recon with ScoutSuite**

Run an AWS security audit:

python3 -m pip install scoutsuite
scout aws --access-keys --access-key-id AKIA... --secret-access-key ...

### **What Undercode Say:**

Publicly exposed AWS resources are a goldmine for attackers. Always:

  • Restrict S3 bucket policies ("Effect": "Deny", "Principal": "*").
  • Use AWS IAM Access Analyzer to detect unintended public access.
  • Monitor AWS GuardDuty for anomalous API calls.
  • Apply least privilege in IAM policies.

For defenders, hardening AWS requires:


Enable S3 bucket encryption:

aws s3api put-bucket-encryption --bucket secure-bucket --server-side-encryption-configuration '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'

Disable public RDS snapshots:

aws rds modify-db-snapshot-attribute --db-snapshot-identifier my-snapshot --attribute-name restore --values-to-remove all

**Expected Output:**

A hardened AWS environment with no unintended public resources, monitored via CloudTrail and Config.
