Pentesting Cloud Networks


  • Attackers are interested in Metadata APIs.

  • Only accessible by the server itself.

  • Metadata APIs contain:

    • Information about systems[ Credentials, region etc]

  • Abuse of Metadata API [ AWS is still vulnerable]

    • Check for SSRF vulnerabilities.


  • Once the credentials have been retrieved. Export them as environment variables.

  • Testing if credentials work: aws sts get-caller-identity

  • List buckets : aws s3 ls

Last updated