GITBOOK-494: change request with no subject merged in GitBook

HackTricks-wiki · Dec 18, 2023 · 1b96405 · 1b96405
1 parent 31356c2
commit 1b96405
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 1 deletion.
diff --git a/pentesting-cloud/aws-pentesting/aws-services/aws-kinesis-data-firehose-enum.md b/pentesting-cloud/aws-pentesting/aws-services/aws-kinesis-data-firehose-enum.md
@@ -1,4 +1,4 @@
-# AWS - Kinesis Data Firehose
+# AWS - Kinesis Data Firehose Enum
 
 <details>
 
@@ -29,6 +29,30 @@ aws firehose describe-delivery-stream --delivery-stream-name <name>
 aws firehose describe-delivery-stream --delivery-stream-name <name> | grep -i RoleARN
 ```
 
+## Post-exploitation / Defense Bypass
+
+In case firehose is used to send logs or defense insights, using these functionalities an attacker could prevent it from working properly.
+
+### firehose:DeleteDeliveryStream
+
+```
+aws firehose delete-delivery-stream --delivery-stream-name <value> --allow-force-delete
+```
+
+### firehose:UpdateDestination
+
+```
+aws firehose update-destination --delivery-stream-name <value> --current-delivery-stream-version-id <value> --destination-id <value>
+```
+
+### firehose:PutRecord | firehose:PutRecordBatch
+
+```
+aws firehose put-record --delivery-stream-name my-stream --record '{"Data":"SGVsbG8gd29ybGQ="}'
+
+aws firehose put-record-batch --delivery-stream-name my-stream --records file://records.json
+```
+
 ## References
 
 * [https://docs.amazonaws.cn/en\_us/firehose/latest/dev/what-is-this-service.html](https://docs.amazonaws.cn/en\_us/firehose/latest/dev/what-is-this-service.html)

diff --git a/...y/aws-services/aws-security-and-detection-services/aws-firewall-manager-enum.md b/...y/aws-services/aws-security-and-detection-services/aws-firewall-manager-enum.md
@@ -24,6 +24,38 @@ A **rule group** (a set of WAF rules together) can be added to an AWS Firewall M
 
 **Firewall Manager policies only allow "Block" or "Count"** options for a rule group (no "Allow" option).
 
+## Enumeration
+
+```
+# Get admin account
+aws fms get-admin-account
+
+# Get member accounts
+aws fms list-member-accounts
+
+# Get policies
+aws fms list-policies
+
+# Get App list
+aws fms list-apps-lists --max-results 10
+
+# Get notification channel (if any)
+aws fms get-notification-channel
+
+# Get resource sets
+aws fms list-resource-sets
+
+# Get admin scope: Get resources Firewall Manager can manage
+aws fms get-admin-scope --admin-account <acc-id> # ReadOnly policy is not enough for this
+
+# Get Firewall Manager administrators within the organization that are onboarded to Firewall Manager by AssociateAdminAccount 
+aws fms list-admin-accounts-for-organization # ReadOnly policy is not enough for this
+```
+
+## Bypass Detection
+
+TODO, PRs accepted
+
 <details>
 
 <summary><strong>Support HackTricks and get benefits!</strong></summary>