Using AWS Inspector for audits and attacks
Introduction
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It assesses the EC2 instances in scope for known vulnerabilities and for deviations from security best practices and, after each assessment run, produces a list of findings prioritized by severity. The findings can be reviewed directly, or as part of a detailed assessment report, through the Amazon Inspector console or API. The workflow used in this chapter (assessment targets and templates, rules packages, and an agent installed on each instance) is that of Amazon Inspector Classic; the current Amazon Inspector service instead scans EC2 instances through the SSM Agent and has no separate Inspector agent to install.
What are we going to cover?
This chapter covers the AWS Inspector tool and walks step by step through running our own assessment against an EC2 instance to discover vulnerabilities.
Steps to attack/audit
As we are learning the tool, we will use our own cloud attacker machine (the EC2 instance tagged Name=attacker-machine) as the target.

1. Navigate to AWS Inspector in the console.
2. Click "Help me create an Assessment" to start the wizard, then click "Advanced Setup".
3. On the "Define an assessment target" page, give the assessment target a name.
4. Uncheck the "All Instances" checkbox, select "Name" from the Key dropdown and "attacker-machine" from the Value dropdown, so that only that instance is in scope.
5. Uncheck the "Install Agents" checkbox; we will install the agent by hand in step 8.
6. On the "Define an assessment template" page, choose the rules packages to run against the target. For this hands-on exercise select only "Common Vulnerabilities and Exposures-1.1" and unselect the others. Leave the duration at 1 hour.
7. Uncheck "Assessment Schedule" and click "Next". Do not click "Create" yet: an AWS Inspector agent has to be running on the target machine before the run can collect anything.
8. Install the agent on the target. The official instructions are at https://docs.aws.amazon.com/console/inspector/install_agent; on our Linux cloud attacker machine the short version is to download the installer and run it as root:
   wget https://inspector-agent.amazonaws.com/linux/latest/install
   sudo bash install
   The same install page documents how to verify the installer's GPG signature; do that before executing a freshly downloaded script as root.
9. Back in the wizard, click "Create" to see the created assessment. The assessment run starts immediately, and the findings (and a downloadable report) are available once the 1-hour run completes.
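Once the run has finished, the findings can also be pulled through the API that the introduction mentions, for example with the AWS CLI: `aws inspector list-findings --assessment-run-arns <run-arn>` returns the finding ARNs, and `aws inspector describe-findings --finding-arns ...` returns the findings themselves as JSON. The script below is an added example, not part of the original chapter and not AWS tooling: it takes a `describe-findings` response and produces the severity-ordered view the introduction describes, grouped per instance, and it surfaces any ARNs that came back in `failedItems` instead of silently dropping them. The embedded sample response is constructed for illustration (placeholder CVE ids, titles, ARNs and instance ids, not real vulnerabilities); the field names are those of the Inspector Classic `describe-findings` response (`findings[].severity`, `numericSeverity`, `id`, `title`, `assetAttributes.agentId`, `failedItems`).

```python
import json
from collections import defaultdict

# Severity labels used by Inspector Classic, in the order we want to triage them.
SEVERITY_ORDER = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3, "Undefined": 4}

# Constructed sample in the shape of an `aws inspector describe-findings` response.
# Finding ids, titles, ARNs and instance ids are placeholders, not real vulnerabilities.
_ARN_PREFIX = "arn:aws:inspector:REGION:ACCOUNT:target/0-t/template/0-m/run/0-r/finding/"
SAMPLE_DESCRIBE_FINDINGS = json.dumps({
    "findings": [
        {"arn": _ARN_PREFIX + "0-f1", "id": "CVE-0000-0001",
         "title": "Placeholder finding A (constructed)", "severity": "Medium",
         "numericSeverity": 5.5, "assetAttributes": {"agentId": "i-0aaaaaaaaaaaaaaaa"}},
        {"arn": _ARN_PREFIX + "0-f2", "id": "CVE-0000-0002",
         "title": "Placeholder finding B (constructed)", "severity": "High",
         "numericSeverity": 9.8, "assetAttributes": {"agentId": "i-0aaaaaaaaaaaaaaaa"}},
        {"arn": _ARN_PREFIX + "0-f3", "id": "CVE-0000-0003",
         "title": "Placeholder finding C (constructed)", "severity": "Low",
         "numericSeverity": 2.1, "assetAttributes": {"agentId": "i-0bbbbbbbbbbbbbbbb"}},
        {"arn": _ARN_PREFIX + "0-f4", "id": "CVE-0000-0004",
         "title": "Placeholder finding D (constructed)", "severity": "High",
         "numericSeverity": 7.5, "assetAttributes": {"agentId": "i-0bbbbbbbbbbbbbbbb"}},
    ],
    # ARNs the API could not describe, keyed by ARN. These must not be dropped silently.
    "failedItems": {
        _ARN_PREFIX + "0-gone": {"failureCode": "ITEM_DOES_NOT_EXIST", "retryable": False},
    },
})


def load_findings(describe_output):
    """Parse a describe-findings JSON document; return (findings, sorted failed ARNs)."""
    data = json.loads(describe_output)
    return data.get("findings", []), sorted(data.get("failedItems", {}))


def severity_key(finding):
    """Sort key: severity label first, then numericSeverity descending, then id for stability."""
    label = finding.get("severity", "Undefined")
    return (SEVERITY_ORDER.get(label, SEVERITY_ORDER["Undefined"]),
            -float(finding.get("numericSeverity", 0.0)),
            finding.get("id", ""))


def prioritize(findings):
    """Findings ordered highest severity first, as the Inspector console presents them."""
    return sorted(findings, key=severity_key)


def summarize(findings):
    """Counts per severity label and the prioritized finding ids per instance (agentId)."""
    by_severity = defaultdict(int)
    by_instance = defaultdict(list)
    for f in prioritize(findings):
        by_severity[f.get("severity", "Undefined")] += 1
        instance = f.get("assetAttributes", {}).get("agentId", "unknown")
        by_instance[instance].append(f.get("id") or f.get("arn", "?"))
    return {"by_severity": dict(by_severity), "by_instance": dict(by_instance)}


def triage_report(describe_output):
    """One line per finding, highest severity first, then a warning per un-described ARN."""
    findings, failed = load_findings(describe_output)
    lines = []
    for f in prioritize(findings):
        instance = f.get("assetAttributes", {}).get("agentId", "unknown")
        lines.append("%-13s %4.1f  %-16s %-20s %s" % (
            f.get("severity", "Undefined"), float(f.get("numericSeverity", 0.0)),
            f.get("id", "?"), instance, f.get("title", "")))
    for arn in failed:
        lines.append("WARNING: could not describe finding %s; re-run describe-findings for it" % arn)
    return lines


if __name__ == "__main__":
    # With real data: save the output of `aws inspector describe-findings --finding-arns ...`
    # to a file and pass its contents here instead of the constructed sample.
    for line in triage_report(SAMPLE_DESCRIBE_FINDINGS):
        print(line)
```

The `failedItems` handling is the part worth keeping when adapting this: a finding ARN that cannot be described (deleted run, permission problem) is otherwise invisible in the sorted output, and a triage that quietly lost findings is worse than one that fails loudly.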
Additional references