For those of you interested in learning AWS Security and Penetration Testing, here is my best list of shared and compiled resources:
[Training] [FREE] AWS Training site
Training program built by AWS
https://www.aws.training/
[Training] [Free tier] + [Paid] AWS Cloud Quest
Immersive role-playing simulation that provides skill badges on completion
https://aws.amazon.com/training/digital/aws-cloud-quest/
[Training] [Paid] Antisyphon Training - Breaching the Cloud with Beau Bullock
Walks through a complete penetration testing methodology of cloud-based infrastructure on AWS, Azure, and GCP
https://www.antisyphontraining.com/on-demand-courses/breaching-the-cloud-w-beau-bullock/
[Training + Lab] [Paid] Pentester Academy - AWS Bootcamp and AWS Cloud Security Labs
https://attackdefense.pentesteracademy.com/listing?labtype=aws-cloud-security-bootcamp&subtype=aws-cloud-security-bootcamp-recordings
[Training + Lab] [Paid] Cybr - Pentesting AWS Environments with Pacu, CloudGoat, and ChatGPT
Learn hands-on how to exploit AWS cloud misconfigurations and build practical skills with step-by-step walkthroughs, labs, and CTFs
https://cybr.com/courses/pentesting-aws-environments-with-pacu-cloudgoat-and-chatgpt/
[Training + Lab] [Free tier] + [Paid] Cybr - IAM Privilege Escalation Course & Labs
Learn hands-on how attackers exploit IAM misconfigurations in AWS to escalate privileges
https://cybr.com/courses/iam-privilege-escalation-labs/
[Training] [Paid] Pluralsight (formerly acloudguru)
This path includes six certifications: AWS Certified Cloud Practitioner, AWS Certified Solution Architect Associate, AWS Certified Security - Specialty, AWS Certified Solution Architect Professional, AWS Certified SysOps Administrator - Associate, AWS Certified Advanced Networking - Specialty
https://www.pluralsight.com/cloud-guru/paths/aws-security
[Training + Lab] [Paid] Pluralsight (formerly acloudguru)
These hands-on labs are designed to teach you how to apply Identity and Access Management and other AWS services to address real-world security scenarios
https://www.pluralsight.com/resources/blog/cloud/ryans-cloud-playlist-hands-on-labs-for-learning-aws-essentials
[Training + Workshops] [FREE] AWS Workshop Studio - join hands-on events and workshops
Here you will find a collection of workshops and other hands-on content aimed at helping you gain an understanding of the AWS service ecosystem and introduce you to a variety of best practices that can be applied to securing your environments and workloads running in AWS
https://catalog.workshops.aws/
https://awssecworkshops.com/
[Resource - Wiki] [FREE] HackTricks AWS Pentesting
Repository of AWS hacking resources and methodology
https://cloud.hacktricks.xyz/pentesting-cloud/aws-security
[Resource - Wiki] [FREE] Hacking The Cloud
An encyclopedia of attacks/tactics/techniques for cloud and AWS
https://hackingthe.cloud/aws/general-knowledge/aws_organizations_defaults/
[Resource - Cheatsheet] [FREE] PayloadsAllTheThings - AWS Cloud
AWSome Pentesting Cheatsheet
https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/AWS%20Pentest/
OG - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20AWS%20Pentest.md
[Resource - Repo] [FREE] OffensiveCloud Github Repo
Offensive security tips and penetration testing TTP for Cloud based environments by lutzenfried
https://github.com/lutzenfried/OffensiveCloud/tree/main/AWS
[Resource - Cheatsheet] [FREE] AWS CLI Tool Cheatsheet by Beau Bullock
Amazon Web Services (AWS) CLI Tool Cheatsheet
https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/AWS.md
[Research] [FREE] AWS Customer Security Incidents Github Repo
A repository of headline AWS cloud breaches and their root causes, compiled by Rami McCarthy
https://github.com/ramimac/aws-customer-security-incidents
[Resource - Methodology, Blog] [FREE] AWS Pentesting Methodology by Lizzie Moratti
A write-up of how Lizzie approaches pentesting AWS and a framework from which one could operate
https://medium.com/@MorattiSec/my-aws-pentest-methodology-14c333b7fb58
[Reading - Overview] [FREE] HackerOne - What is Pentesting on AWS?
A practical guide / overview of pentesting on AWS
https://www.hackerone.com/knowledge-center/penetration-testing-aws-practical-guide
[Reading - Overview] [FREE] HackTheBox - AWS penetration testing: a step-by-step guide
Christian Becker, Advanced Attack Simulation Specialist at Y-Sec, shares essential techniques and tools for AWS pentesting
https://www.hackthebox.com/blog/aws-pentesting-guide
[Reading - Overview] [FREE] Cobalt - A Comprehensive Guide to AWS Pentesting
Taking a high level look at what AWS pentesting is, how you can perform a pentest on this popular platform, and overall AWS security
https://www.cobalt.io/blog/comprehensive-guide-to-aws-penetration-testing
[Reading - ebook] [Paid] AWS Penetration Testing - Jonathan Helmus
Beginner's guide to hacking AWS with tools such as Kali Linux, Metasploit, and Nmap
https://www.packtpub.com/product/aws-penetration-testing/9781839216923
[Lab] [FREE] AWS Free Tier
Gain free, hands-on experience with the AWS products and services
https://aws.amazon.com/free/
[Lab] [FREE] Breakforge - Breaching the Cloud
Amazon Web Services Account Setup
https://btc.breakforge.io/4-Amazon-Web-Services-Account-Setup-5884220bcf12422591d10a0a8b9fb829
[Lab] [FREE] Cloud Goat
Vulnerable by design AWS Lab
https://github.com/RhinoSecurityLabs/cloudgoat
[Lab] [FREE] INE - AWSGoat
A Damn Vulnerable AWS Infrastructure
https://github.com/ine-labs/AWSGoat
[Lab] [FREE] IAM Vulnerable
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground
https://github.com/BishopFox/iam-vulnerable
[Lab] [FREE] Cloudfoxable labs
An intentionally vulnerable AWS environment. Pairs well with learning Cloudfox Exploit Framework
https://github.com/BishopFox/cloudfoxable
Video walkthrough: https://www.youtube.com/watch?v=Ljt_JUp5HbM
[Lab] [FREE] flAWS.cloud
Learn about common mistakes and gotchas when using Amazon Web Services (AWS)
http://flaws.cloud/
[Lab] [FREE] flAWS2.cloud
This game/tutorial teaches you AWS (Amazon Web Services) security concepts
http://flaws2.cloud/
[Labs] [Paid] TryHackMe - Attacking and Defending AWS
Practical, hands-on experience with Amazon Web Services
https://resources.tryhackme.com/attacking-and-defending-aws
https://tryhackme.com/path/outline/attackinganddefendingaws
[Lab] [Paid] Hack the Box - Black Sky - Hailstorm
Enterprise only cloud penetration testing labs
https://www.hackthebox.com/business/professional-labs/cloud-labs-blacksky
[Lab] [Free tier] + [Paid] Pwnedlabs
Real-world, byte sized cloud security labs for training
https://pwnedlabs.io/
[Lab] [Paid] HackTheBox - AWS Fortress
Cloud hacking from Hack The Box and Amazon Web Services
https://www.hackthebox.com/blog/amazon-web-services-fortress
[Lab] [Free tier] + [Paid] Cybr
Learn AWS security by doing with practical Hands-On Labs
https://cybr.com/hands-on-labs/
[Lab] [Paid] INE - AWS Cloud Security Bootcamp
This hands-on bootcamp teaches you the security basics of the five most popular cloud-native components on AWS
https://my.ine.com/CyberSecurity/courses/0d6e87c5/aws-cloud-security-bootcamp
[Certification] [Paid] AWS Certified Cloud Practitioner
Foundational, high-level understanding of AWS Cloud, services, and terminology.
https://aws.amazon.com/certification/certified-cloud-practitioner/
[Certification] [Paid] AWS Certified Security - Specialty
Validates your expertise in creating and implementing security solutions in the AWS Cloud
https://aws.amazon.com/certification/certified-security-specialty/
[Certification] [Paid] HackTricks Training - AWS Red Team Expert ARTE
Hands-on training lab and certification for AWS red teaming
https://training.hacktricks.xyz/courses/arte
[Certification] [Paid] Cyberwarfare AWS Cloud Red Team Specialist CARTS
Labs, training, and certification
https://cyberwarfare.live/product/aws-cloud-red-team-specialist-carts/
[Certification] [Paid] Cloudbreach - Offensive AWS Security Professional (OAWSP)
Acquire knowledge about utilizing AWS-specific attack methods in hands-on labs
https://cloudbreach.io/breachingaws/
[Video Playlist] [FREE] AWS Cloud 101 - Tyler Ramsbey
Video walkthrough of TryHackMe - Attacking and Defending AWS
https://www.youtube.com/watch?v=JUO-m5ga-gc&list=PL0iJrrpaWpyXyL8SDc9H-g-aY9A8LiKRO
[Video Playlist] [FREE] AWS Pentesting 50 Video Playlist
Compiled video list by Tamir Zuhair
https://www.youtube.com/playlist?list=PLbT8rDUmot22PkfO-zJNKOwiE1dSkmGDP
[Video - Walkthrough] [FREE] AWSGoat Demo
A Damn Vulnerable AWS Infrastructure by Jeswin Mathai, Shantanu Kale, and Sanjeev Mahunta
https://www.youtube.com/watch?v=Seit8u_XKFQ
[Video] [FREE] Evading Logging in the Cloud: Bypassing AWS CloudTrail
Nick Frichette discusses techniques discovered to bypass AWS CloudTrail logging
https://www.youtube.com/watch?v=YP2XNAbB_Nw
[Video Playlist] [FREE] AWS Pentesting - Punit Darji
AWS cloud pentesting and technical walkthroughs of the attacks
https://youtube.com/playlist?list=PLkfaD6nYyhM229NF7YtRaEOpU8Oc1hchR&si=I5U-sk9K-HxLSHg3
[Tool - Vuln Scan] [FREE] ScoutSuite
Multi-cloud security-auditing tool
https://github.com/nccgroup/ScoutSuite
[Tool - Vuln Scan] [FREE] Prowler
Perform Multi-Cloud best practice assessments
https://github.com/prowler-cloud/prowler
[Tool - Exploit Framework] [FREE] Cloudfox
Find exploitable attack paths in cloud infrastructure
https://github.com/BishopFox/cloudfox
[Tool - Exploit Framework] [FREE] Pacu
Open-source AWS exploitation framework
https://github.com/RhinoSecurityLabs/pacu
[Tool] [FREE] S3Scanner
For discovering 'Leaky' Buckets
https://github.com/sa7mon/S3Scanner
[Tool] [Free tier] + [Paid] grayhatwarfare Bucket Filter
Search Public Buckets
https://buckets.grayhatwarfare.com/buckets?type=aws
[Tool - Repository] Toniblyx's Arsenal of AWS Security Tools
A list of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
https://github.com/toniblyx/my-arsenal-of-aws-security-tools
[Tool + Search Query] grep.app
Search across a half million git repos
https://grep.app/search?q=aws_secret
[OS] [FREE] Red Cloud OS
Debian based Cloud Adversary Simulation Operating System for Red Teams to assess the security of leading Cloud Service Providers
https://github.com/RedTeamOperations/RedCloud-OS