This month, when the spring is already in full swing, we decided to provide you with an issue that will meet all of your ethical hacking needs. Inside, you will find both articles dedicated to AWS security and AWS hacking tools, as well as plenty of amazing offensive tutorials contributed by the students of Paris Cité University. Without further ado, let’s dive in!
The edition opens with a great paper The Problem of Public S3 Buckets (And How to Secure Them) by Jill Kamperides, which will help you understand the vulnerabilities of public S3 buckets and how to save yourself from leaking your credentials. Later on we have Walking Through PACU The AWS Post Exploitation Framework, an article about using PACU for scenarios where the attacker is already in possession of a key pair with some level of access to AWS.
Next, you will learn about AWS Data Security Basics from a data dynamics approach. The author discusses a couple of main security services provided for every fundamental component of AWS cloud, and tries to sketch a horizon for their different characteristics from a data dynamics point of view.
Later on we have some articles that fans of offensive security will definitely enjoy! We have Post Exploitation: Stealing Valuable Data from Browsers and OS, How To Hack an Android Remotely, and Create a Complete Backdoor in Python, three amazing tutorials by students from Paris Cité University that will guide you step by step through three different hacking techniques.
But that’s not all! You will also get a chance to learn more about the new OWASP Top 10, how to perform an XXE attack on WordPress, how to create malware with Python, and what Hack-Tool is.
We hope this diverse issue will meet all the needs ethical hackers may have! As you can see, it covers various topics, from AWS security to hacking with Python, so this should be a treat for every offensive security enthusiast.
Enjoy these awesome tutorials and let’s get down to hacking!
Magdalena Jarzębska and Hakin9 Editorial Team
Table of Contents
The Problem of Public S3 Buckets (And How to Secure Them)
AWS is a major cloud provider that offers data storage solutions via their Simple Storage Service (otherwise known as S3 ‘buckets’). Companies use S3 buckets for a multitude of reasons: storing event logs, client reports, sales records, configuration files, resumes... anything you can think of, really. With that in mind, there exists a scary setting for S3 buckets that can make them public. If configured poorly enough, everything you store in the bucket can be viewed and downloaded by anyone on the internet. With a labyrinth of configurations to navigate, it’s easy to understand how one wrong setting may inadvertently reveal someone’s tax returns. And as cloud services continue down this path of rapid growth, this problem continues to grow as well. The number of public S3 buckets has multiplied drastically in the past 10 years, and the types of data exposed by these buckets raise concern.
Walking through PACU The AWS Post Exploitation Framework
Júlio Silveira Melo
PACU is a framework that can help a lot in the context of post-exploitation on AWS. It avoids repeating many steps and commands, making the attack faster and more effective. It also has a modular architecture and is easy for a developer with little experience in Python 3 and AWS to contribute to the evolution of the framework.
AWS Data Security Basics: A Data Dynamics Approach
AWS, which stands for Amazon Web Services, is a cloud computing environment that provides web services to customers through the Internet. A cloud prepares what you need as a customer via centralized resources including data storage, servers, networking, databases, etc. The AWS cloud presents its services in the form of web services. One of the important issues regarding AWS is its security. In this essay, we're going to briefly discuss a couple of main security services provided for every fundamental component of the AWS cloud, and try to sketch a horizon for their different characteristics from a data dynamics point of view, in which providers make a trade-off between cost and the facilities provided by that particular service technology.
Post Exploitation: Stealing Valuable Data from Browsers and OS
El Hamim Charaf-eddine, Mahmoud Chibani
Browsers are probably the most common piece of software that we all use daily; thus, a lot of people trust their browser and store their credentials for future use. In this article, we will discuss different ways of extracting and decrypting credentials stored in browsers. We will also talk about multiple Metasploit modules including hashdump.
How to Hack an Android Remotely
Rostom Amine, Stephane Patel
First, what is Android? Android is an operating system which is largely used in mobile devices. The biggest competitor is Apple with iOS. Android monopolizes more than 75% of the market, and Android systems are free to develop for, which can be dangerous because we can build anything we want: a calculator, or a reverse shell. We can hack an Android phone remotely in a lot of different ways. For example, with a USB key that takes control of your phone once you plug it in, a fake charging cable that provides access to all your information, or applications that are supposed to be useful, like a calculator or a video game, but are actually viruses that can take control of your phone. We will show you the method of the fake app, which will be named Google Network services but is in no way a product of Google.
Create a Complete Backdoor in Python
Jordan Laires, Samy Mouri, Yacine Amrani
In this article, we will provide a detailed explanation of the creation of an advanced backdoor in Python for remote administration of the victim PC. Our tool is intended to pass undetected and provide persistent access for the attacker. Our backdoor will act as a Remote Administration Tool (RAT). When the victim executes our RAT, the hacker can execute any command and remotely manage the victim machine. A wide range of actions is available in the tool, such as a keylogger, starting the webcam, recording from the microphone, etc. At the end of this article, we will provide an explanation of how users can protect their PCs from these types of attacks.
Web Attacks - OWASP Strikes Back
Verónica Berenguer Garrido
In the cybersecurity world, security attacks have been continuously rising in recent years, especially since 2020 due to the appearance of COVID-19 in our lives. The final year of the decade will be recorded as the year where the most security incidents were registered. This is due to the digital acceleration of organizations to adapt to the new technological era. Cybercriminals take advantage of these situations to evolve their attacks. The security analytics evolve like the attackers and lean on nonprofit foundations such as MITRE ATT&CK or OWASP, among others. In this case, we focus on briefly explaining the purpose of the OWASP Project to detect/mitigate web attacks.
XXE Attacks on WordPress
Lylia Djali, Moncef Khodri
Web-application hacking is one of the most famous types of attacks targeting small and even big businesses. In this article, we will focus on one type of web attack, the XML External Entity (XXE) attack, that made it into the 4th spot of the OWASP Top 10 list in 2017 and 5th in 2021 under security misconfiguration, as shown in the figure below taken from OWASP’s site. XML is a markup language that is commonly used in web development. It is used for storing and transporting data. We will learn how an attacker can use this vulnerability to gain information and try to defame a web application. So, to demonstrate this attack and its impact, we made our own site with the help of WordPress CMS.
Create an Undetectable Malware with Python
Menouar Djema, Assirem Bouyoucef
In a world that is becoming increasingly connected, the threat of cyber-attacks is growing, due to several factors, including the vulnerability of networks and data in cyberspace, the evolution of the digital world, and finally, a severe lack of investment by businesses and governments in the processes, technologies and people needed to deter and defend against cyber-attacks. Malware is malicious software developed with the intent to harm a computer system without the consent of the owner of the infected computer. During our research and development, we analysed the behaviour of Windows Defender to make our malware undetectable.
When You go Phishing, Bring your Tackle Box!
There is one tool that every fisherman needs in their tool kit, and the beauty is, no installation on your forensic machine is required. Now there is a browser extension, but that is also a great attribute because one click on your Chromium-based browser, Mozilla Firefox, or Safari, and you’re in. As a phisher man, I was so impressed with the one tool that I can use that is lightweight, compact, and powerful. The Hack-Tool, which you can find on GitHub, is one of the most diverse tools that a hacker can have in their kit. With the hardening of firewalls and the increase in outer realm security, it has become harder for infiltrations. Assessments and Red/Blue team operations are finding it harder to crack the perimeter. The Hack-Tool seems to have an arsenal of tools that can be used to leverage the field. Well, let’s take a look. You no longer need to search for payloads or on your local storage space; most of the tools are accessible in one click.