added details for KMS, ACM and Route53

gurkenhabicht 2024-02-23 23:34:21 +01:00
parent aa548b5700
commit 7f942bbffd
1 changed files with 101 additions and 0 deletions


@ -833,6 +833,11 @@ aws s3 cp s3://<bucketname>/foo_public.xml . --no-sign-request
### Lambda ### Lambda
Lambda is a serverless, event-driven compute service offered by AWS. Means, you
don't need a backend to a function you want to provider. A Lambda function
has its own container deployed.
A Lambda function can for 15 minutes at max.
Execute a lambda function via aws cli. Execute a lambda function via aws cli.
```sh ```sh
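Review bot: the added Lambda paragraph has a missing verb and a garbled sentence. "A Lambda function can for 15 minutes at max." should read "A Lambda function can run for 15 minutes at max.", and "Means, you don't need a backend to a function you want to provider." reads more clearly as "This means you don't need to provide a backend for the function you want to offer."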
@ -1187,9 +1192,105 @@ aws elbv2 describe-load-balancers --query Loadbalancers[].DNSName --output text
Create encryption keys to be used on AWS services through their API. Create encryption keys to be used on AWS services through their API.
Encryption of storage can also be done through KMS keys. Encryption of storage can also be done through KMS keys.
A KMS key created in one account can be used in a second account as well.
This means an attacker with sufficient privileges is able to (theoretically)
lock you out of data encrypted with a key from another account. This can be
mitigated through e.g. Object Versioning of an S3 bucket or MFA Delete.
Every KMS key has a (resource based) key policy attached to it. Therein is the
`Prinicpal` key-value set to permit access to the key. If
`arn:aws:iam::<accountId>:root` is set as Principal, every principal inside the
account is able to use the key.
An identity based policy can also be set, where the KMS key is mentioned in the
`Resource` list.
##### Create a KMS Key
Create a KMS key using aws cli.
```sh
aws kms create-key
```
##### Create a Data Key
Use the created KMS key to create a data key via aws cli.
```sh
aws kms generate-data-key --key-id <KeyId> --number-of-bytes 32
```
#### Amazon Certificate Manger (ACM) #### Amazon Certificate Manger (ACM)
Manage certificate so 2e2 encryption through TLS which are then used for other Manage certificate so 2e2 encryption through TLS which are then used for other
AWS services. AWS services.
##### Create an ACM TLS Certificate
Request a TLS certificate for a (sub-)domain via aws cli.
```sh
aws acm request-certificate --domain-name <AccountId>.example.org --validation-method DNS
```
##### Describe a Certificate
Details about a certificate can be queried via aws cli.
```sh
aws acm desribe-certificate --certificate-arn <certificate-arn>
```
#### DNS & Route53 #### DNS & Route53
List hosted DNS zone in an account via aws cli.
```sh
aws route53 list-hosted-zones
```
##### Register a Domain via Certificate through Route53
A subdomain can be useful for regular users and an attacker alike.
Create a file named `create_record.json` containing certificate details from the aws acm desription.
```json
{
"Comment": "subdomain.example.com record"
"Changes": [
{
"Action": "CREATE",
"ResourceRecordSet":
{
"Name": "<ResourceRecord/Name>",
"Type": "CNAME",
"TTL": 300,
"ResourceRecords": [
{
"Value": "<ResourceRecord/Value"
}
]
}
}
]
}
```
Create the record from the previously created file via aws cli.
```sh
aws route53 change-resource-record-sets --hosted-zone-id <ZoneId> --change-batch file://create_record.json
```
Check the status of the created record using the `ChangeInfo` ID from the last
step via aws cli. The final status needs to be "INSYNC"
```sh
aws route53 get-change --id <ChangeInfo/Id>
```
Describe the certificate to see the details via aws cli, like mentioned in the
ACM chapter above.
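Review bot: the `create_record.json` example in this hunk is not valid JSON and will be rejected by `aws route53 change-resource-record-sets`: a comma is missing after `"Comment": "subdomain.example.com record"`, and the placeholder `"<ResourceRecord/Value"` lacks its closing `>`. The ACM command `aws acm desribe-certificate` is also misspelled (should be `describe-certificate`), as are `Prinicpal` in the key-policy paragraph (`Principal`), the heading `Amazon Certificate Manger` (`Manager`) and `2e2` (`e2e`). The mitigation claim in the KMS paragraph deserves a second look as well: S3 Object Versioning and MFA Delete protect against deletion of objects, not against the owning account disabling the cross-account key or revoking the grant, so the sentence should say what those controls actually cover.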