cloud_breach_s3 / AWS cloud hacking - download the confidential files from the AWS S3 bucket.

1 year ago
23

12/2019
Starting as an anonymous outsider with no access or privileges, exploit a misconfigured reverse-proxy server to query the EC2 metadata service and acquire instance profile keys. Then, use those keys to discover, access, and exfiltrate sensitive data from an S3 bucket.

https://github.com/RhinoSecurityLabs/cloudgoat/tree/master/scenarios/cloud_breach_s3

Loading comments...