AWS Cloud Penetration Testing

Stay ahead of AWS Vulnerabilities

Penetration testing (or pentesting, for short) on the AWS cloud is unique, bringing its own set of security factors. While some vulnerabilities are mitigated through Amazon security measures, the complexity of these services leaves many companies exposed.

Rhino Security Labs’ AWS penetration testing services are aimed specifically at these needs, identifying the configuration and implementation flaws which often go unchecked.

Traditional security infrastructure and AWS clouds differ in various ways. From setup and configuration to identity and user permissions, the technology stacks could not be more distinct.

The most noticeable difference is the ownership of the systems: Amazon requires formal permission for penetration testing, carried out on approved dates. The reason for this policy is that, because the testing affects Amazon-owned infrastructure, the attacks of ‘ethical hacking’ would otherwise violate acceptable use policies (and may provoke incident response actions by the AWS team).
By making these testing windows clear, we ensure a security assessment that is both thorough and safe.

Also exceptional is the architecture of Amazon Web Services and its set of powerful APIs. Working deep within the AWS ecosystem, our security engineers perform a range of AWS-specific tests, including the following:

• EC2 instance and application exploitation
• Targeting and compromising AWS AMI keys
• Testing S3 bucket configuration and permissions flaws
• Establishing private-cloud access through Lambda backdoor functions
• Covering tracks by obfuscating CloudTrail logs

Blackbox Engagement

Blackbox penetration testing is designed as a more realistic attack simulation, requiring no insight into the targeted cloud.
While this leaves certain areas unknown (such as user permissions and access controls), it is often preferred as a means of identifying true external risk. If a more holistic approach is favored, whitebox testing may be more useful.

Whitebox Engagement

In a whitebox AWS engagement, a client provides a secured account on the AWS management console to the Rhino assessment team.
By enabling this view into specific implementation details, our AWS experts can provide guidance on security details otherwise inaccessible to attackers. This approach is designed as a more informed, audit-style engagement, and distinct from the blackbox style.

1 - Can all Amazon services be pentested?

Generally, yes. There are essentially two categories of cloud offerings:

A – User-Operated Services – These cloud offerings are primarily created and configured by the users themselves, with little or no interaction with the hosting provider (such as EC2). Generally speaking, these can be thoroughly tested and have few restrictions except for denial of service (DDoS) and related disruptions to business continuity.
All security checks require the proper forms and process, as mentioned above.

B – Vendor-Operated Services – Cloud offerings which are owned and operated by the vendor, and provided ‘as a service.’ Examples would be Gmail, Dropbox, Salesforce, and AWS services like CloudFront and API Gateway. That’s not to say implementations of these don’t have vulnerabilities, but just that the testing focuses on implementation and configuration, rather than on testing the infrastructure, which is owned by the provider.

As we demonstrated with the S3 buckets, there are many misconfiguration, permission, and implementation flaws which can make an individual instance vulnerable to compromise, but penetration testing on those platforms doesn’t involve attacking the cloud provider infrastructure itself.

Schedule Your AWS Penetration Test

Make the process of penetration testing your AWS cloud environment as simple and efficient as possible by reaching out to us early. We can walk you through the entire process, and it will help us get a better idea of your security assessment needs.