AWS - Security Hub Enum

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Security Hub

Security Hub inakusanya data za usalama kutoka akaunti za AWS, huduma, na bidhaa za washirika wa tatu zinazoungwa mkono na inakusaidia kuchambua usalama wako na kubaini masuala ya usalama yenye kipaumbele cha juu.

In kuzingatia tahadhari zinazohusiana na usalama kati ya akaunti, na inatoa UI ya kutazama hizi. Kizuizi kikubwa ni kwamba haijazungumzia tahadhari kati ya mikoa, bali tu kati ya akaunti.

Characteristics

Mikoa (matokeo hayawezi kuvuka mikoa)
Msaada wa akaunti nyingi
Matokeo kutoka:
Guard Duty
Config
Inspector
Macie
washirika wa tatu
iliyojitengeneza dhidi ya viwango vya CIS

Enumeration

# Get basic info
aws securityhub describe-hub

# Get securityhub org config
aws securityhub describe-organization-configuration #If the current account isn't the security hub admin, you will get an error

# Get the configured admin for securityhub
aws securityhub get-administrator-account
aws securityhub get-master-account # Another way
aws securityhub list-organization-admin-accounts # Another way

# Get enabled standards
aws securityhub get-enabled-standards

# Get the findings
aws securityhub get-findings

# Get insights
aws securityhub get-insights

# Get Automation rules (must be from the admin account)
aws securityhub list-automation-rules

# Get members (must be from the admin account)
aws securityhub list-members
aws securityhub get-members --account-ids <acc-id>

Bypass Detection

TODO, PRs accepted

References

Jifunze & fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Jifunze & fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au fuata sisi kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

PreviousAWS - Macie Enum NextAWS - Shield Enum

Last updated 1 month ago