This document covers AWS penetration testing test cases collected from the internet.
- Creating a new policy version
- Setting the default policy version to an existing version
- Creating an EC2 instance with an existing instance profile
- Creating a new user access key
- Creating a new login profile
- Updating an existing login profile
- Attaching a policy to a resource
- Updating an inline policy for a resource
- Adding a user to a group
- Updating the AssumeRolePolicyDocument of a role
- Passing a role to a new Lambda function, then invoking it
- Passing a role to a new Lambda function, then triggering it with DynamoDB
- Updating the code of an existing Lambda function
- Passing a role to a Glue Development Endpoint
- Updating an existing Glue Dev Endpoint
- Passing a role to CloudFormation
- Passing a role to Data Pipeline
- Privilege Escalation to AWS Administrator (C2)
- EC2 User Data Sensitive Information Leakage (H1)
- CloudTrail Logging Disabled (H2)
- AWS S3 Bucket Data Leakage (H3)
- Weak IAM Password Policy (H4)
- Redshift Cluster Database Encryption Disabled (M1)
- VPC Flow Logs Disabled (M2)
- Redshift Parameter Group SSL Not Required (M3)
- No IAM User Access Key Rotation (M4)
- Unencrypted Elastic Block Store (EBS) Snapshots (L1)
- S3 Bucket Access Logging Not Enabled (L2)
- S3 Bucket Versioning Not Enabled (L3)
- Redshift User Activity Logging Not Enabled (L4)
- Elastic Load Balancer Access Logs Not Enabled (L5)
- EC2 Termination Protection Is Disabled (I1)
- EC2 SSRF Vulnerability
Credits and contributors of this document: