While we haven't covered Amazon Web Services, or AWS, on Null Byte before, Amazon's cloud computing platform is ripe for attack by hackers, pentesters, and cybersecurity researchers. It's also an excellent cloud hosting service to build or use vulnerable-by-design AWS setups and frameworks.
AWS buckets are a particularly vulnerable attribute to Amazon's cloud service, which store files and allow employees and other users to share them. Internet-facing services also use these buckets to store sensitive information, such as server backups or backend scripts. These buckets can be private or public, but the former is the one targeted by hackers.
For instance, an ex-Amazon employee who took advantage of a firewall misconfiguration stole credit card applicants' details from the company's AWS buckets, as well as other sensitive material from 30 other companies and systems. In a different type of attack, a hacking group was able to set up a rootkit that let them control servers and siphon sensitive data from corporations.
And as with all hosting platforms, there are other ways to hack accounts and services or set up penetration tests that you're legally allowed to perform, and many attack vectors center around AWS misconfigurations.
While we may not cover AWS vulnerabilities much on Null Byte, learning ..
Support the originator by clicking the read the rest link below.
