Can I use this skill to identify privilege escalation paths?

Absolutely. It focuses heavily on IAM, including identifying shadow admin permissions like iam:CreateAccessKey and iam:PassRole exploitation.

Is this skill suitable for auditing S3 bucket security?

Yes, it includes techniques for bucket discovery, enumeration, and testing for public access or misconfigured permissions.

Does it support testing for both IMDSv1 and IMDSv2?

Yes, the skill provides specific workflows for extracting credentials via the older IMDSv1 as well as the token-based IMDSv2 metadata service.

What tools are recommended for this AWS security skill?

This skill leverages industry-standard tools including Pacu, Prowler, ScoutSuite, SkyArk, and the AWS CLI for comprehensive security assessments.

AWS Penetration Testing

Name: AWS Penetration Testing
Author: claudiodearaujo

byclaudiodearaujo

0•

安全与测试

Conducts comprehensive security audits and penetration tests on Amazon Web Services environments to identify vulnerabilities and privilege escalation paths.

This skill provides a robust framework for assessing the security posture of AWS cloud infrastructure, guiding users through sophisticated red team techniques. It covers essential tasks such as IAM permission enumeration, identifying shadow administrators, and exploiting metadata SSRF (IMDSv1/v2). By offering specific CLI workflows and automation patterns, this skill helps security professionals and developers uncover risks in S3 bucket configurations, Lambda functions, and EC2 instances, ensuring a thorough evaluation of cloud security controls.

主要功能

01IAM enumeration and shadow admin discovery

02S3 bucket discovery and content auditing

030 GitHub stars

04Advanced IAM privilege escalation techniques

05Lambda function exploitation and code extraction

06Metadata service exploitation for EC2 and Fargate

使用场景

01Executing a professional red team assessment on AWS infrastructure

02Auditing IAM policies to identify and remediate overly permissive roles

03Testing cloud applications for SSRF vulnerabilities targeting the metadata service

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front aws-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill

主要功能

01IAM enumeration and shadow admin discovery

02S3 bucket discovery and content auditing

030 GitHub stars

04Advanced IAM privilege escalation techniques

05Lambda function exploitation and code extraction

06Metadata service exploitation for EC2 and Fargate

使用场景

01Executing a professional red team assessment on AWS infrastructure

02Auditing IAM policies to identify and remediate overly permissive roles

03Testing cloud applications for SSRF vulnerabilities targeting the metadata service

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front aws-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill