Enumerating Secrets in AWS Secrets Manager - Lab Walkthrough
- Published: 16 Jul 2024
- This is a walkthrough for a Lab from Cybr called Introduction to AWS Secrets Manager Enumeration where we learn how to enumerate AWS Secrets Manager in a sandboxed AWS environment.
This is a service that organizations can use to store their secrets, which makes it a juicy target for attackers. As security professionals, it’s our job to find potential weaknesses in our organization’s environments so that we can fix them before threat actors find them.
🚨Disclaimer
What is shown in this video is purely for educational purposes. This type of information should only ever be used for ethical purposes and to stop attackers. It should not be performed against resources you do not have explicit permissions for. We do not condone using the information in this video for any other purposes.
📑 Resources 📑
- Lab link: cybr.com/courses/iam-privileg...
- Secrets Manager Enumeration Cheat Sheet: cybr.com/courses/iam-privileg...
- IAM PrivEsc Labs Course: cybr.com/courses/iam-privileg...
➡️ Get access to this lab with a free Cybr account: cybr.com
⏰ Timestamps ⏰
00:00 - 01:24 - Introduction
01:25 - 01:30 - Education Disclaimer
01:31 - 02:22 - AWS Credentials
02:23 - 03:26 - GetCallerIdentity
03:27 - 04:22 - ListUserPolicies
04:23 - 06:18 - GetUserPolicy
06:19 - 07:23 - Secrets Manager CLI commands
07:24 - 07:49 - CLI Cheat Sheet
07:50 - 09:04 - List Secrets
09:05 - 10:12 - List Secrets Versions
10:13 - 11:48 - Get Secrets Resource Policies
11:49 - 12:34 - Describe Secrets
12:35 - 13:41 - Get Secrets Values
13:42 - 14:29 - Decoding Secrets
14:30 - 15:48 - Next Steps
Descriptive and easy to follow content, awesome work Cybr team!
Appreciate it!
Great lab to demonstrate AWS Secrets Manager enumeration. Awesome you guys are putting this up as free content too!
Thanks for the comment! I’m glad it’s helpful and we’ll keep putting out!
Lovely lab..Thanks
Glad you enjoyed it! Thanks!
Please help me 😭
I tried social engineering tool single email. I entered the password but the error came:
it appears your password was incorrect. printing response: a bytes-like object is required, not 'str'
What?? This video is not related to social engineering or emails/passwords. I think you have the wrong video
@Cybrcom lol
First
Interesting