# AWS Offensive Security - [AWS Attacks and Techniques](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques.md): Demonstrating various attacks that can be performed on AWS accounts and services - [Data Poisoning - Bedrock Knowledge Base](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/data-poisoning-bedrock-knowledge-base.md): How to poison Amazon Bedrock Knowledge Base - [Enumerate AWS Organization ID](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-aws-organization-id.md): How to enumerate the AWS Organization ID - [Enumerate AWS Account IDs](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-aws-account-ids.md): To maintain security, AWS Account IDs should be handled carefully, even though they are not deemed confidential. While they are not secrets, they can lead to exposure of sensitive resources or data. - [Enumerate AWS IAM Users](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-aws-iam-users.md): Exposure of AWS IAM Usernames can further aid attackers efforts to access an AWS account. Exposure leaves users vulnerable to attacks such as phishing and password-spraying. - [Enumerate (Unauthenticated) IAM Users and Roles](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-unauthenticated-iam-users-and-roles.md): Exploiting an AWS feature of the IAM Role Trust Policy allowing for unauthenticated enumeration of AWS IAM Users and Roles in AWS Accounts. - [Enumerate AWS Public Resources](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-aws-public-resources.md): Public resources like EBS and RDS snapshots or SSM Documents can lead to data and credential leaks. - [Enumerate Secrets in AWS](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-secrets-in-aws.md): Tips and tricks for discovering secrets in AWS - [Generate AWS Console Session](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/generate-aws-console-session.md): Get access to the AWS console with AWS access keys - [Generate IAM Access Keys from CloudShell](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/generate-iam-access-keys-from-cloudshell.md): Using an undocumented endpoint, we can leverage CloudShell from the AWS Console and create AWS Access Keys for the logged on user. - [Password Spraying AWS IAM Users](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/password-spraying-aws-iam-users.md): Performing password spray attacks against AWS console users can lead to successful credentials validation and, in turn, access to the AWS user and AWS account. - [Server Side Request Forgery (SSRF)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/server-side-request-forgery-ssrf.md): Server Side Request Forgery attacks can lead to the compromising of AWS EC2 IAM Roles - [Subdomain Takeovers](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/subdomain-takeovers.md): Compromise a subdomain by taking over resources no longer existing - [AWS Defense Evasion](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-defense-evasion.md): Techniques attackers use to avoid detection - [CloudTrail Tampering](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-defense-evasion/cloudtrail-tampering.md): Techniques for avoiding CloudTrail detection - [GuardDuty Tampering](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-defense-evasion/guardduty-tampering.md): Techniques for avoiding and disabling GuardDuty detection - [Undocumented AWS APIs](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-defense-evasion/undocumented-aws-apis.md): Techniques for avoiding CloudTrail detection - [Nonproduction API Endpoints](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-defense-evasion/nonproduction-api-endpoints.md): Techniques for avoiding CloudTrail detection - [AWS Persistence](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence.md): Techniques threat actors use to maintain persistence in an AWS environment - [Generate IAM Access Keys from CloudShell](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence/generate-iam-access-keys-from-cloudshell.md): AWS persistence technique - [Creating IAM Access Keys](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence/creating-iam-access-keys.md): AWS persistence technique - [Backdoor an IAM Role](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence/backdoor-an-iam-role.md): AWS persistence technique - [Generating Temporary AWS Credentials from IAM User](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence/generating-temporary-aws-credentials-from-iam-user.md): AWS persistence technique - [Generating Temporary Credentials from SSO Credentials File](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence/generating-temporary-credentials-from-sso-credentials-file.md): AWS persistence technique - [AWS Privilege Escalation](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation.md): Leveraging AWS permissions for privilege escalation and compromise - [EC2](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/ec2.md): Abusable AWS EC2 permissions that can lead to compromise or privilege escalation - [Elastic Container Registry (ECR)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/elastic-container-registry-ecr.md): Abusable Amazon ECR permissions that can lead to compromise or privilege escalation - [Identity Access Management (IAM)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/permissions-abuse.md): Abusable AWS IAM permissions that can lead to compromise or privilege escalation - [IAM Trust Policies](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/attacks-techniques-and-tools.md): Abusable AWS IAM Trust Policies that can lead to compromise or privilege escalation - [Key Management Service (KMS)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/permissions-abuse-1.md): Abusable AWS KMS permissions that can lead to compromise or privilege escalation - [Lightsail](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/lightsail.md): Abusable AWS Secrets Manager permissions that can lead to compromise or privilege escalation - [OpenID Connect (OIDC)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/openid-connect-oidc.md): Abusing default or poorly configured Identity Provider IAM Trust Policies for privilege escalation - [RDS](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/rds.md): Abusable AWS EC2 permissions that can lead to compromise or privilege escalation - [S3](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/permissions-abuse-2.md): Abusable AWS S3 permissions that can lead to compromise or privilege escalation - [Secrets Manager](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/secrets-manager.md): Abusable AWS Secrets Manager permissions that can lead to compromise or privilege escalation - [Security Token Service (STS)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/sts.md): Abusable AWS STS permissions that can lead to compromise or privilege escalation