A collection of scenarios and code samples demonstrating potential exploitation techniques in AWS services. Designed for educational purposes and security awareness.
The content and techniques described here are meant strictly for educational and awareness purposes. Unauthorized use or misuse outside of a controlled environment can lead to legal consequences and potential harm. Always proceed with caution and obtain necessary permissions.
-
Cookie Theft via CloudFront Function (Folder: CloudFront-Scenario1):
- Description: This scenario illustrates how an attacker can exploit a CloudFront setup to steal cookies from users. It employs a CloudFront function in conjunction with a simulated login page to demonstrate the theft.
-
Data Exfiltration via Lambda Function Modification (Folder: CloudFront-Scenario2):
- Description: In this setup, an attacker exploits a Lambda function associated with a CloudFront distribution. The attacker modifies the Lambda function to exfiltrate user request data to an external server.
-
Persistence via AppSync API Key (Folder: AppSync-Scenario1):
- Description: In this scenario, an attacker exploits an AppSync. The attacker adds an authentication provider to establish persistence.
-
Persistence via AppSync Resolver Modification (Folder: AppSync-Scenario2):
- Description: This scenario shows how an attacker can modify the resolvers from AppSync to provide unique functionality to a user-controlled by them.
-
Sensitive Data Access via ALB Rule Manipulation (Folder: ALB-Scenario1):
- Description: This scenario demonstrates how an attacker can manipulates ALB rules to inject malicious scripts and bypass authentication, leading to unauthorized access and exfiltration of sensitive user data.
(More scenarios will be added as the repository grows.)