AWS Tools in Labs
CLI Commands for P testing
Other Lab Tools
More Lab Tools
LAWS/REGS/STANDARDS
100

•Manages access to AWS resources by creating users, roles, and policies to control permissions.

AWS Identity and Access Management (IAM)Purpose

100

Listing objects in a secure S3 bucket:

aws --no-sign-request s3 ls s3://ccse-demobucket-new

This will output an "Access Denied" message because the bucket is secure.

100

A fully managed data warehouse that allows users to run fast SQL queries on large datasets, ideal for analytics and business intelligence in GCP

Google BigQuery

100

Automates the collection of evidence needed for auditing AWS resources, helping to manage compliance efforts across frameworks and regulations.

AWS Audit Manager

100

•A security standard by the PCI Security Standards Council that governs how payment card data is handled in the cloud.

Cloud Security Standards: PCI DSS

200

Allows users to interact with AWS services through a terminal using commands, automating tasks and managing resources

AWS Command Line Interface (CLI)

200

Getting the access control list (ACL) of a secure S3 bucket:

ws s3api get-bucket-acl --bucket ccse-demobucket-new --no-sign-request 

This command will also output "Access Denied" as the bucket is properly configured.

200

A tool used to scan Google Cloud resources for security and compliance issues, helping users identify misconfigurations.

CFT Scorecard (Google Cloud)

200

Provides visibility into the administrative and access activities performed on Google Cloud resources for auditing and compliance.

Google Cloud Audit Logs

200

•A standard addressing cloud security threats like unauthorized access and data loss, outlining roles for CSPs, CSCs, and CSNs in mitigating risks.

Cloud Security Standards: ITU-T X.1601

300

Protects web applications fromcommon web exploits such as SQL injection and cross-site scripting (XSS)

AWS Web Application Firewall (WAF)

300

Listing objects in a vulnerable S3 bucket:

aws --no-sign-request s3 ls s3://ccse-demobucket-newest 

This command lists the objects in the misconfigured bucket, showing that it is publicly accessible.

300

Provides monitoring tools to track performance metrics and uptime for Google Cloud resources and services

Google Cloud Monitoring

300

Aggregates security alerts and compliance checks across AWS services, providing a centralized view of security posture and compliance status

AWS Security Hub

300

•Guidelines for cloud service providers to manage information security controls in cloud environments.

Cloud Security Standards: ISO/IEC 27017

400

Manages and deploys APIs, allowing developers to create, publish, and secure APIs at scale

AWS API Gateway

400

Getting the access control list (ACL) of a vulnerable S3 bucket:

aws s3api get-bucket-acl --bucket ccse-demobucket-newest --no-sign-request 

This will show that "FULL_CONTROL" is granted to everyone, indicating the vulnerability.

400

Provides a complete inventory of all Google Cloud resources within an organization for auditing and management purposes

Google Cloud Asset Inventory

400

A AWS serverless computing service that allows users to run code in response to events without provisioning or managing servers

AWS Lambda

400

•Ensures cloud providers protect Personally Identifiable Information (PII) and comply with data protection laws.

Cloud Security Standards: ISO/IEC 27018

500

A content delivery network (CDN) that securely delivers data, videos, applications, and APIs to customers globally with low latency.

AWS CloudFront

500

Enabling write access control to a vulnerable bucket:

aws s3api put-bucket-acl --bucket ccse-demobucket-newest --grant-full-control uri=http://acs.amazonaws.com/groups/global/AllUsers 


These commands are used to test the security configurations of S3 buckets in AWS by simulating both secure and vulnerable setups.



500

Allows users to capture and analyze network traffic to and from Google Cloud VM instances for security and troubleshooting purposes

Google Cloud Packet Mirroring

500

A tool for managing and governing distributed data across Google Cloud services, helping to automate data organization, discovery, and security

GCP Dataplex

500

•Provides a framework for secure and effective cloud computing by defining cloud computing models and reference architectures.

Cloud Security Standards: NIST

600

Provides scalable object storage for data, including backups, files, and media, with options for access control and security in AWS.

Amazon Simple Storage Service (S3

600

CD

Change directory.

  • Example: cd /path/to/directory
600

An open-source network threat detection engine that inspects network traffic for signs of malicious activity or policy violations. (mentioned in GCP Section)

Suricata (Intrusion Detection System)

600

A cloud-based shell environment for managing Google Cloud resources, providing command-line access to perform tasks and run scripts

Google Cloud Shell

600

•A framework from the Cloud Security Alliance mapping security controls to various industry standards to ensure security and compliance.

Cloud Security Standards: CSA Cloud Controls Matrix (CCM)

700

Provides protection against Distributed Denial of Service (DDoS) attacks to ensure the availability of AWS resources.

AWS Shield

700

ls / dir

List files in a directory (ls in Unix-like systems, dir in Windows).

  • Example: ls -la
700

Uses machine learning to discover, classify, and protect sensitive data stored in S3 buckets, such as personal data and intellectual property

Amazon Macie

700

Provides block-level storage volumes for use with Amazon EC2 instances, enabling data persistence and backup through snapshots.

Amazon Elastic Block Store (EBS)

700

An XML-based standard for exchanging authentication and authorization information between identity providers and service providers.

HINT TOKEN Language

Cloud Security Standards: SAML 2.0

800

: A scalable domain name system (DNS) web service for routing traffic to AWS resources based on global infrastructure

AWS Route 53

800

pwd

Print working directory (shows the current directory path).

800

Vendor Neutral 

A command-line tool for capturing and analyzing network traffic for debugging and monitoring purposes.

tcpdump

800

A pre-configured virtual machine image used to create new EC2 instances with a specific operating system and applications

Amazon Machine Image (AMI)

800

SOC 1

Financial Audit Report for internal C-levels

900

Automates security assessments for EC2 instances, identifying vulnerabilities and deviations from best practices

Amazon Inspector

900

mkdir

Make a new directory.

  • Example: mkdir new_folder
900

Provides network traffic filtering, intrusion detection, and intrusion prevention for VPCs to protect cloud applications and data

AWS Network Firewall

900

Stores copies of data across geographically separate regions in Azure, providing disaster recovery capabilities in the event of a regional failure

Azure Geo-Redundant Storage (GRS)

900

SOC 2

IT Audit based on CIA for internal C-levels

1000

Logs and tracks user activity and API calls made to AWS services, providing a history of actions within an account

AWS CloudTrail

1000

rm / del

Remove or delete files (rm in Unix-like systems, del in Windows).

  • Example: rm file.txt
1000

Monitors the performance and health of Azure resources and applications, generating alerts and providing insights for troubleshooting.

Azure Monitor

1000

Provides backup and recovery services for Azure resources, including VMs, databases, and files, ensuring data protection and business continuity.

Azure Backup

1000

SOC 3

Public report used to evaluate CSP  = redacted

1100

Provides threat detection by continuously monitoring for malicious activity and unauthorized behavior in AWS environments

AWS GuardDuty

1100

grep

 Search for a specific string in a file or output.

  • Example: grep "search_term" file.txt
1100

Azure Monitor

GCP VPC Flow Logs

1100
EU-GDPR

Privacy Laws in EU

1200

Automates the process of patching EC2 instances by identifying and applying missing security updates

AWS Systems Manager Patch Manager

1200

touch

Create an empty file or update the timestamp of a file (Unix-based systems).

  • Example: touch newfile.txt
1200

Captures information about the IP traffic going to and from VM instances in Google Cloud, used for network monitoring and forensic analysis.

GCP VPC Flow Logs

1200

SOX

Sarbanes Oxley for publicly traded companies - holds C-levels responsible for fraud and no compliance

1300

Allows instances in a private subnet to access the internet without exposing them to incoming traffic from the internet

AWS NAT Gateway

1300

clear / cls

Clear the terminal screen (clear for Unix-like systems, cls for Windows).

1300

A serverless computing service that allows users to run code in response to events without provisioning or managing servers.

GCP Cloud Functions

1300

GLBA

Finance Privacy Law US

1400

Automatically adjusts the number of EC2 instances in a group based on demand, ensuring availability and cost-efficiency

AWS Auto Scaling

1400

cat

Display the contents of a file.

  • Example: cat file.txt
1400

A serverless computing service that allows users to run code in response to events without provisioning or managing servers.

GCP Cloud Functions

1400

IRM

Information Rights Management - protects private and proprietary info US

1500

Provides secure and seamless RDP and SSH access to Azure virtual machines directly from the Azure portal, without exposing VMs to public IP addresses

Azure Bastion

1500

mv / move

Move or rename files.

  • Example: mv oldname.txt newname.txt
1500

Provides real-time best practices and recommendations for AWS resources in categories such as cost optimization, performance, security, and fault tolerance

AWS Trusted Advisor

1500

ENISA

The European Union Agency for Cybersecurity 

ENISA Information Assurance Framework based on its CSA STAR self-assessment.

M
e
n
u