AWS S3 Enumeration Basics
This beginner-friendly lab gives an introduction to one of the most popular AWS services - S3 (Simple Storage Service), and shows how attackers can use it to get a foothold and escalate privileges in a cloud environment.
Overview
We created this beginner-friendly lab to give an introduction to one of the most popular AWS services - S3 (Simple Storage Service), and show how attackers can use it to get a foothold and escalate privileges in a cloud environment.
Scenario
It's your first day on the red team, and you've been tasked with examining a website that was found in a phished employee's bookmarks. Check it out and see where it leads! In scope is the company's infrastructure, including cloud services.
Lab prerequisites
- Basic Linux command line knowledge
Learning outcomes
- Familiarity with the AWS CLI
- Basic S3 enumeration and credential exfiltration
- An awareness of how this scenario could have been prevented
Real-world context
Amazon S3 (Simple Storage Service) is a very popular (and the second oldest!) AWS service that is used to store files and backups, and can even be used to serve websites. This multi-use functionality has led some to argue that the service would be more secure if it were split into a separate public web hosting service and a private file storage service. In recent years AWS has introduced more prominent visual warnings when customers make buckets world-readable, but as long as the setting is available, people will set it! Misconfigurations and overly permissive settings in S3 have resulted in many data breaches over the years.