My First AWS CTF | Pentesting.Cloud IMDSv2 Token Bypass
Author: CyberInsight
Uploaded: 2022-09-28
Views: 1197
There's a new site for free AWS CTFs called Pentesting.Cloud, and today I'm going to do a walkthrough of one of their harder rooms, Token of Gratitude. In this room we're going to be covering AWS S3/IAM/EC2/website enumeration, IMDSv2 Session Tokens, and even some PHP scripting!
Sign up for a free account at https://pentesting.cloud.
This video and lab are for learning purposes only. You should only attempt to do these actions on environments that you have permission to do so in! And better yet, learn how to protect against these methods.
Links used in video:
https://docs.aws.amazon.com/AWSEC2/la...
https://github.com/danielmiessler/Sec...
https://linuxhint.com/execute_shell_c...
https://www.webhostface.com/kb/knowle...
https://code.tutsplus.com/tutorials/h...
https://github.com/JohnBreth/AWS_Pent...
00:00 - AWS CTF Intro
02:57 - Token of Gratitude CloudFormation Setup
07:04 - AWS S3 Enumeration
08:29 - AWS IAM Enumeration
10:02 - AWS EC2 Enumeration
13:44 - AWS EC2 Port Scanning With Nessus
15:45 - What Is AWS IMDSv2?
19:35 - Review AWS EC2 Nessus Scan
20:58 - Scanning AWS EC2 For PHP Files With URLBuster
23:30 - AWS S3 PHP File Upload
29:10 - AWS IMDSv2 PHP Session Token Script
38:26 - AWS CloudShell IMDSv2 Session Token
40:52 - AWS S3 Flag Download
42:27 - AWS CTF CloudFormation Template Review
Music provided by: https://mccoybeats.com/
#cloudpentesting #aws #ctf
Below you'll find what are known as affiliate links. These are links to things that I actually use and recommend. If you buy them, I will receive a super small kickback that helps support this channel and the giveaways I do on social media. Thanks!!
(YouTube Gear, IT Devices, Books, Pre-workout I use...STUFF I 100% RECOMMEND)
The most comprehensive course I've found on learning about encryption and TLS. It really is a combination of topics from multiple classes I've taken. Here is a link for it with $100 off:
https://classes.pracnet.net/courses/p... (Affiliate Link)
A great resource I've used to learn about AWS networking is the AWS Networking Fundamentals book: https://amzn.to/3voSe7z (Affiliate Code)
I've also recently started using the AWS Security Cookbook: https://amzn.to/3KSSJN4 (Affiliate Code) and AWS Advanced Networking book: https://amzn.to/3KSGU9x (Affiliate Code). Both break down topics very well and have some great labs (a bit more advanced than what is needed for the SOA exam).
Here is the CompTIA PenTest+ training book bundle I used to pass the new PenTest+.
(Affiliate Link) - https://amzn.to/3A9X8Hx
Network+ Study Guide that I co-authored: (Affiliate Link) https://amzn.to/2vTODU2
Amazon Affiliate Store: https://www.amazon.com/shop/jbizzle703