Sept. 17, 2022, 9:50 p.m. | Sena Yakut

DEV Community dev.to

In this blog post, I'll show you a nightmare scenario that could happen if you're storing your secrets in a publicly accessible AWS S3 bucket. Let's hack together!


1) Let’s assume that we’ve found an information security website. We started to investigate the DNS records related to this domain with MXToolBox.





2) We found that this website is hosted on S3. Let’s try to list the AWS S3 objects with our AWS credentials.



3) Yes! This bucket is public, and we …
