In this episode of the CompTIA PenTest+ PT0-003 series, Professor Erica explores the four critical cloud attack paths that penetration testers must master: IAM privilege escalation, S3 bucket enumeration, metadata service exploitation via SSRF, and container escape techniques.
IAM Privilege Escalation The video demonstrates how attackers can leverage overly permissive IAM policies to escalate privileges, moving from a low-level user to full administrative control by exploiting misconfigurations in trust policies and role assumptions.
S3 Bucket Misconfigurations
Using the Uber 2016 breach as a case study, Professor Erica shows how public S3 buckets can be enumerated with tools like aws s3 ls and custom scripts to find sensitive data exposed due to missing access controls.
Metadata Service Exploitation The Capital One 2019 attack chain is broken down to illustrate how a web application SSRF vulnerability can be used to query the cloud metadata service, retrieve temporary credentials, and pivot to other resources.
Container Escape Container escape techniques are covered, including exploiting privileged containers, mounted Docker sockets, and kernel vulnerabilities to break out of a container and access the host system.
The episode also highlights the top cloud pentesting tools: Pacu for automated IAM exploitation, Prowler for compliance and security auditing, and ScoutSuite for multi-cloud environment assessment. A quiz at the end tests viewers on key concepts.
This content is part of Domain 4 of the CompTIA PenTest+ PT0-003 certification, focusing on cloud-specific attack vectors and defensive considerations.