AWS Penetration Testing

THREATS, TACTICS AND PROCEDURES (TTP)
MITRE’S ATT&CK®
AWS Pen Test
Initial Access to AWS Cloud by Adversaries
1. Exploit Public-Facing Apps.
2. Trusted Relationship.
3. Valid Accounts.
Persistence of Adversaries in the AWS Cloud
1. Account Manipulation.
2. Create an Account.
3. Implant Container Image.
4. Valid Accounts.
Privilege Escalation of Adversaries in the AWS Cloud
1. Valid Accounts.
Defence Evasion of Adversaries in the AWS Cloud
1. Impair Defences.
2. Modify Cloud Compute Infrastructure.
3. Unused/Unsupported Cloud Regions.
4. Valid Accounts.
Credential Access of the AWS Cloud by Adversaries
1. Brute Force Attacks.
2. Insecure Credentials.
Discovery of AWS Cloud’s Infrastructure by Adversaries
1. Account Discovery.
2. Cloud Service Dashboard.
3. Cloud Service Discovery.
4. Network Service Scanning.
5. Network Share Discovery.
6. Permission Groups Discovery.
7. Remote System Discovery.
8. Software Discovery.
9. System Information Discovery.
10. System Network Connections Discovery.
Collection of Data in the AWS Cloud by Adversaries
1. Data from Cloud Storage Object.
2. Data from Information Repositories.
3. Data Staged.
Exfiltration of the AWS Cloud’s Data by Adversaries
1. Transfer Data to Cloud Account.
Impact of AWS Cloud Hacks
1. Defacement.
2. Endpoint Denial of Service.
3. Network Denial of Service.
4. Resource Hijacking.