Hands-On AWS Penetration Testing with Kali Linux: Set-up a virtual lab and pentest major AWS services such as EC2, S3, Lambda, CloudFormation, and more
S**R
Collection of AWS attack knowledge
I work as an AWS security consultant and keep up with the state of the art in attack research against AWS, so I'll begin with the quick summary that this book does a great job of collecting and explaining the concepts of AWS attack research. This book was published by Packt, which if you read enough technical books, you likely have an opinion of this publisher. They tend to rush publication as their books are often on version-specific subjects or otherwise change quickly, as is the case here. As a result there were a couple of word choice mistakes (such as referring to an "S3 instance" instead of "S3 bucket") or issues that would have been caught by a more thorough editor (such as the Preface mentioning that Chapter 17 would include information about Security Monkey, which it does not). Of the two authors, I have never heard of Karl Gilbert. Benjamin Caudill, on the other hand, is well-known in the AWS security community through his company Rhino Security. Rhino has published novel research and developed an AWS attack tool named Pacu. This book collects a lot of their research and focuses a lot on using Pacu. Despite the title, this book isn't about Kali Linux. I heard a rumor the publisher unfortunately forced the use of that title and some discussion of using Kali, which distracts from the main content. The book focuses on attack techniques against AWS and is primarily aimed at pentesters. Defenders will benefit from being aware of the attacks though. The book could be picked up by someone with no AWS experience, but in some places some minimal Python experience will help. Some new material that hasn't been mentioned elsewhere is included in this book, such as Chapter 14's discussion of CloudFormation tricks. There haven't been many other AWS security books, and none until now that focus on the attacker side. It was interesting to see the perspective from the attacker viewpoint.
A**Y
Quality book if you're seriously interested in AWS offensive security
I received the book earlier this week and am on the final chapter now. I've been following the Rhino team's AWS research for a while, so when I saw Ben (their CEO) was helping write an AWS book I had to check it out. The only 'negative' thing I could say is that I ended up skimming a lot of earlier sections that were fairly basic and weren't security specific. Aside from that, I enjoyed the book and how they provided specific steps on attacking different AWS services.
H**3
Best AWS security resource so far
This is by far the best book about AWS security. It is full of practical examples of how to perform penetration testing activities against AWS environments. The chapter on permissions and role assumption is exemplary. I have reread this book 3 times on various engagements. If you touch AWS, this is the book for you.
N**O
A must-have for any AWS security professional
This book is a must-have for any AWS security professional. It's geared towards the advanced security admin, but contains easy-to-follow examples and sample code. This book covers all the tools you need to audit and help secure your AWS account. At 500 pages it's very in-depth, and probably the best and most valuable book I've ever bought.
A**O
A good practical book about cloud hack
This book is a good way to learn what you can do to hack cloud services, in this case, AWS Services. For me, it was a good book to learn about hacking some cloud services.
S**H
AS ADVERTISED!
AS ADVERTISED!
R**.
Already Outdated Setup with the old Kali distro.
Building the RDP/VNC/Guacamole connection was a disaster. All packages are outdated. If you follow the book it simply doesn't work. I had to resort to online research in order to build a GUI for the AWS image. Spent two days and the result was: Guacamole is so slow and hangs/freezes all the time with the constant "Network unstable" message. Also, the Kali-included Internet browsers become broken and simply don't open. VNC connection: x11vnc produces a black screen (known bug). TightVNC and TigerVNC both make resizing the VNC display impossible (XRandR extension is missing on the new Kali). No mention of doing anything from the on-premise setup. The only interest is represented by the use of a couple of special tools. P.S. 4/16/2020: I added a star because it will work if you work very carefully and have good shell skills. Also basic techniques are well described.
K**R
Too many errors
The command line edits in the book don't work. You'll end up spending a lot of time debugging. I bought the book to learn AWS Penetration Testing, not debugging terrible code and instructions. This may be fine for a person who has a lot of time, but when you need to learn a few skills quickly this book is a letdown.
S**E
Great content
Extremely happy with purchase.
R**Z
Great introduction
Great introduction into AWS Pentesting. Well structured and written. I liked the introduction into Pacu as well because it's extensible to your own needs.
O**S
Pretty good book
The book had some pretty good info about pen-testing AWS environments for both attackers and defenders. I kinda felt for the money that they are selling the book, it should include more content.