Pivoting into VPC networks
Last week was the first public release of vpc-vpn-pivot , a tool that allows you to connect to private VPC subnets using an AWS Client VPN. I created this tool to allow penetration testers to pivot into private VPC subnets: given the right set of IAM privileges, vpc-vpn-pivot will allow you to connect to any resource in any VPC subnet. Take a look at how it works:
The tool is very easy to use and automates the whole attack: resource creation, VPN connection, disconnection, and resource removal.
The initial release only supports the AWS Client VPN method and requires a privilege set which is unlikely to be found in roles attached to a instance profiles or AWS Lambda functions. Future releases will implement other methods which should make the tool usable in more common scenarios.
Want to know if your AWS cloud accounts are secure? Contact me to get a quote!