AWS Pentesting

Aditya Chauhan
1 min readFeb 20, 2023


Performing penetration testing on Amazon Web Services (AWS) requires a strong understanding of the platform and its security features. Here are some key steps and commands to keep in mind when performing AWS pentesting:

  1. Reconnaissance:
  • Use the AWS CLI to enumerate instances and gather information about them: aws ec2 describe-instances
  • Use the AWS console to gather information about the target’s VPC, subnets, security groups, and IAM roles
  1. Enumeration:
  • Enumerate AWS API keys: aws iam list-access-keys
  • Enumerate S3 buckets: aws s3 ls
  • Enumerate EC2 instances with sensitive data: aws ec2 describe-instances --filters "Name=tag-key,Values=sensitive-data" --query 'Reservations[].Instances[].InstanceId'
  • Enumerate security groups: aws ec2 describe-security-groups
  1. Exploitation:
  1. Privilege escalation:
  • Use IAM privilege escalation techniques such as modifying policies, adding new users or groups, or leveraging existing IAM roles
  • Use OS-level privilege escalation techniques to elevate privileges on an EC2 instance
  1. Covering tracks:
  • Delete or modify logs to cover up tracks: aws cloudtrail delete-trail --name trail-name
  • Stop the instance to avoid detection: aws ec2 stop-instances --instance-ids instance-id

It is important to note that penetration testing on AWS requires proper authorization and should be done within the confines of the legal and ethical boundaries.



Aditya Chauhan

ISO 27001 LA | VAPT | Synack Red Teamer | HTB Dante | HTB RASTA | HTB Cybernetics | HTB Offshore | HTB APTLabs | Cyber Security Analyst | Security Researcher