This Repository represents a reasonable and up-to-date framework for penetration testing for Amazon Web Services (AWS) environments. Although mainly designed for pentesting, this framework is also partially applicable to red team engagements.
It is build to be be used as a „checklist“ for penetration testing on AWS environments and represents a structured procedure, with the goal of reliably identifiying the most common AWS cloud vulnerabilities and missconfigurations.
It was initially designed and evaluated in the master thesis, which you can find on my ResearchGate. For the evalution of this framework, vulnerable cloud labs like CloudGoat or Flaws were used.
I wrote a whitepaper on this topic. This can be downloaded in english or german
There will be publicly available webinars were I will show you how to use this framework. If you are interested contact me :)
This Framework consists of three perspectives each of them represents an individual cycle which the tester should follow during a penetration test or red team assessment. So if you want to get started checkout out the three perspectives at first. Then start with the Outsider and hack yourself the way up to the Admin. Let's go for it.
This framework will be contionously improved based on hands experience gained through multiple cloud penetration tests. On my blog I will inform whenever there will be major changes .
Happy Hacking, Cheers!