You, hey you, yeah you; wann learn a bit about aws elastic compute hacking?

Just, me, you and an EC2

👇 An ec2 can be considered an interaction point, where it is possible to gain entry into aws of an org. This is a continuation of yesterdays thread:

https://twitter.com/rootcathacking/status/1635255565072076801

My recent #aws threads always startet with creds, but how to get these creds will be the topic over the next days.
#hacking #recon #cloud

Lets start here:
👇 Definitions first:
#aws creds: classic name and passwords e.g for IAM, or aws access and secret keys
Outside: no creds, and no connections in any way to the org and its aws cloud to be tested

I pet a cat today and now my allergies are killing me, so obviously this calls for a follow up of, hey you found some #aws creds, what to do meow:

#cloud #hacking #Recon
👇 Step 1: First you gotta decide if this is more of a lazy space vibe kinda thing (A), or (B) calls for some illegal dirty acidcore and adjust your playlist accordingly:
A:
B: soundcloud.com/pitch1/i-can-h…

So you found #aws creds to an S3, lets do some #cloud #hacking #recon:

👇 First of all, S3 stands for serious summertime sadness
and allows the general operations of:

list
get
put
delete

An S3 is a bucket and within a bucket there are objects. Basically an object can be anyfile. Objects have keys assoziated

So you wanna do some #azure #recon:

I give you a few pointers.
👇 Step 1: Say kiitos to @DrAzureAD then install AADInternals, set your phasers to stun and your POWAHSHELL to german to ensure MAXIMUM efficiency