Slide 15
Slide 15 text
Finding S3 Bucket
● Google search
● Google dork
● Shodan
● Censys
● Use discovery (OSINT) tools – Sublist3r and Amass
● Bruteforce name
● Shodan, Certificate Transparency Logs, Censys, numerous
bucket finder scripts, GrayHat Warfare bucket search
AWS (Mis)configuration
from attacker’s eye-view