Sitemap
Open in app

Sign in

Medium Logo
Write
Search

Sign in

Cloud Config Review for AWS

Apr 8, 2024

I created a vulnerable server for this lab. The purpose is to test run some of the tools.

Method 1: Testing via Nessus

Nessus > new scan > Audit Cloud Infrastructure

Choose this from Nessus
Press enter or click to view image in full size
Enter the Access Key ID and Secret Key
Press enter or click to view image in full size
choose either L1 or L2
Press enter or click to view image in full size
scan result is similar to CIS benchmark

Method 2: Testing via CloudSploit

enter the virtual environment, then make a copy of the original file.
Press enter or click to view image in full size
make the changes in the config.js file.
Press enter or click to view image in full size
how to run the scan.
Press enter or click to view image in full size
your result in excel.

Method 3: Testing via ScoutSuite

Press enter or click to view image in full size
how to run the scan.
Press enter or click to view image in full size
your result is saved in here.
issues found in red.
Press enter or click to view image in full size
violates the CIS benchmark.
Press enter or click to view image in full size
violates the best practice.
Cloud

--

--

0xLeeBai
0xLeeBai

Written by 0xLeeBai

55 followers
78 following

手握日月摘星辰,世间无我这般人。 不错!我就是美貌与智慧并重,英雄与侠义的化身:李白

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech