hacking the cloud | getting usernames and passwords



Transcript Summary and Key Points

Short Summary

This tutorial is a technical guide on hacking into an AWS account by exploiting a Jenkins server. The session walks through compromising the Jenkins service, gaining access to the EC2 instance, and escalating privileges to reach various resources within the AWS account, including S3 buckets. It also covers the use of tools such as Amazon Detective and AWS GuardDuty for threat detection and investigation, to build a better understanding of AWS security. The instructor emphasizes the importance of legality in hacking and encourages viewers to seek permission before engaging in such activities.

Key Points

  • The tutorial involves advanced techniques in AWS security and hacking.
  • The facilitator, Mr. Hacker Loi, has expertise in AWS, holding all 12 AWS certifications.
  • The primary service targeted is Jenkins, an open-source CI/CD pipeline tool.
  • Access to the EC2 instance is gained through operating system command injection.
  • Access is then elevated to AWS resources by leveraging the instance metadata.
  • Tools discussed include Amazon Detective and AWS GuardDuty for monitoring and investigating suspicious activity.
  • The tutorial demonstrates practical examples of enumeration and gaining temporary access to critical resources.
  • The tutorial emphasizes the legality of hacking practices, advising viewers to obtain parental permission before attempting any hacking activities.
  • The importance of monitoring permissions to prevent unauthorized access to AWS accounts.
  • The tutorial shows how listeners and reverse shells are set up for further exploitation.
  • Overly permissive IAM role policies, once exploited, can lead to significant data access risks, so IAM roles need to be monitored.
  • Visualizations provided by Amazon Detective help in quick investigations regarding suspicious activities.
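
A defender-side view of the instance-metadata key point, as an added example that is not from the video: credentials issued to an EC2 instance role carry the instance ID as the session name, so a CloudTrail record where that session calls from an address the instance does not own suggests the credentials are being used elsewhere, which is the behaviour GuardDuty's instance credential exfiltration findings report. The events, account ID, role name and the `INSTANCE_IPS` inventory are constructed for illustration.

```python
import ipaddress
import re

# EC2 instance-profile sessions use the instance ID as the role session name.
SESSION_RE = re.compile(r":assumed-role/(?P<role>[^/]+)/(?P<session>i-[0-9a-f]{8,17})$")

# Hypothetical inventory: instance ID -> addresses the instance legitimately calls from.
INSTANCE_IPS = {"i-0abc1234def567890": {"10.0.1.25", "203.0.113.10"}}

ROLE_ARN = "arn:aws:sts::111122223333:assumed-role/jenkins-role/i-0abc1234def567890"

def _event(name, source, id_type, arn):
    """Build a constructed CloudTrail-style record with only the fields used here."""
    return {"eventName": name, "sourceIPAddress": source,
            "userIdentity": {"type": id_type, "arn": arn}}

# Constructed sample records (not real logs).
SAMPLE_EVENTS = [
    _event("ListBuckets", "10.0.1.25", "AssumedRole", ROLE_ARN),       # from the instance
    _event("GetObject", "198.51.100.77", "AssumedRole", ROLE_ARN),     # from elsewhere
    _event("DescribeInstances", "198.51.100.77", "IAMUser",
           "arn:aws:iam::111122223333:user/alice"),                    # not a role session
    _event("DescribeVolumes", "autoscaling.amazonaws.com",
           "AssumedRole", ROLE_ARN),                                   # AWS service caller
]

def find_off_instance_use(events, instance_ips):
    """Return records where instance-role credentials were used from an unexpected IP."""
    findings = []
    for ev in events:
        ident = ev.get("userIdentity", {})
        if ident.get("type") != "AssumedRole":
            continue
        match = SESSION_RE.search(ident.get("arn", ""))
        if not match:
            continue  # role session that does not belong to an EC2 instance
        source = ev.get("sourceIPAddress", "")
        try:
            ipaddress.ip_address(source)
        except ValueError:
            continue  # service names such as "autoscaling.amazonaws.com" are not IPs
        known = instance_ips.get(match["session"])
        if known is None or source not in known:
            findings.append({"event": ev["eventName"], "role": match["role"],
                             "instance": match["session"], "source_ip": source,
                             "reason": "unknown instance" if known is None
                                       else "source IP not owned by instance"})
    return findings

if __name__ == "__main__":
    for finding in find_off_instance_use(SAMPLE_EVENTS, INSTANCE_IPS):
        print(finding)
```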

YouTube Channel: Loi Liang Yang
Video Published: 2024-08-25T07:53:17+00:00

Video Description:
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.