Aws on s4yhii's blog

Cloudgoat rce_web_app scenario

Tue, 10 Jan 2023 12:00:00 -0400

Cloudgoat RCE_WEB_APP Scenario

Introduction

CloudGoat is a training and learning platform developed by Rhino Security Labs to help individuals and organizations understand the risks and vulnerabilities associated with cloud-based applications. One of the scenarios available on CloudGoat is the RCE_web_app scenario, which allows users to practice exploiting remote code execution vulnerabilities in a web application running on the cloud.

In this blog post, we will walk through the RCE_web_app scenario in CloudGoat and provide a step-by-step guide on how to exploit the vulnerability and gain access to the application’s backend. We will also discuss the significance of this vulnerability and how it can be prevented in real-world scenarios. By the end of this post, you should have a better understanding of the risks and challenges associated with web application security in the cloud and how to mitigate them. So, let’s get started!

Vulnerability Management with Nessus in AWS

Thu, 20 Jan 2022 12:00:00 -0400

Introduction

In this tutorial we will cover vulnerability scanning and vulnerability remediation. These are two of the main steps in the Vulnerability Management Lifecycle. We will be using Nessus Essentials to scan local VMs hosted on VMWare Workstation in order run credentialed scans to discover vulnerabilities, remediate some of the vulnerabilities.

EC2 Instance Setup

first step is launch an EC2 instance, the recommended requirements are:

windows OS

basic: t3 medium
recommended: t3 xlarge

Decrypt your password to login in a RDP session and use this to access your EC2 instance

AWS Certified Cloud Practicioner Notes

Sun, 16 Jan 2022 12:00:00 -0400

Cloud computing and IAM

Types of Cloud Computing

Infrastructure as a Service (IaaS)

Provide building blocks for cloud IT
Provide networking, computers, data storage space
Highest level of flexibility
Simulate the look from managing physical resources
Eg: EC2, EBS, GCP, Digital Ocean, Elastic Load Balancing

Platform as a Service (PaaS)

Remove the company to manage underlying infrastructure
Focus on deployment and management of applications
You will define the behavior and environment for your application (code)
Eg: Heroku, ECS, Elastic Beanstalk

Software as a Service (SaaS)

Completed product that is run and managed by the service provider
offer services meant to be accessed by end users
Eg: Gmail, Outlook, Recognition for ML, Zoom

Cloud Resume Challenge

Mon, 10 Jan 2022 12:00:00 -0400

Cloud Resume Challenge

Setup AWS

Create your aws account

Setup MFA for your roor account

Create an IAM user

Assign permission (Principle of Least privilege)

Setup Vault (https://github.com/99designs/aws-vault)

aws-vault add myuser ( ex: aws-vault add dev)

aws-vault exex myuser — aws s3 ls

Setup S3

What is s3: file service useful for storing files usually for host a website

What is AWS SAM: server less application model

we will create an AWS Lambda (we ignore this for now)