An Introduction to Penetration Testing AWS
Published: 06 August 2021 Last Updated: 03 November 2022
When penetration testing Amazon Web Services (AWS) environments there are different perspectives the assessment could consider, some are very similar to external infrastructure/web application assessments and some are different.
I’ll separate the things that are the same from the things that are different to traditional penetration testing by considering the following types of cloud testing and then breaking each one down into the kinds of testing that could take place:
Hashcracking with AWS
Published: 19 October 2020 Last Updated: 03 November 2022
Password cracking is a common step during compromising networks, from cracking wireless networks to compromising user passwords captured when LLMNR spoofing. In a previous post, I showed the steps to capture a WPA handshake and crack it using Hashcat. On my tiny travel laptop I achieved 416 hashes per second, which is…slow. AWS offers “GPU Optimized” EC2 instances which can offer a significant speed increase.
In this post we'll run through setting up Hashcat on an AWS instance to allow for rapid password cracking. These instances are pricey, but you often only need to run them for short bursts.