flAWS.cloud — A fun interactive way to learn the basics of AWS Security — Part 1 — S3 Shenanigans

Topics Covered

  • AWS CLI Intro — Credential profiles, listing s3 buckets
  • S3 bucket configuration
  • IAM credential usage intro
  • Git secret retrieval (and cleanup)
  • EBS snapshot inspection & forensics
  • EC2 Instance Profile Metadata Attack (the Capital One incident)
  • Recon of API Gateway and Lambda

Level 1

Level 2

There’s a good little writeup on what we learnt from the previous Level:

Level 3

Bonus Digression: Cleanup with BFG

For remediation — my go-to (and recommended by GitHub) is BFG.




Nick Doyle

Computer Scientist. Agile Enthusiast. Past lives include Perl Hacker, Web Developer, DBA, Tech Lead, Motorcycle Instructor, Forensic Data Analyst, & Cloud Guy