Try it using Invoke-Atomic

Cloud Storage Object Discovery

Description from ATT&CK

Adversaries may enumerate objects in cloud storage infrastructure. Adversaries may use this information during automated discovery to shape follow-on behaviors, including requesting all or specific objects from cloud storage. Similar to File and Directory Discovery on a local host, after identifying available storage services (i.e. Cloud Infrastructure Discovery) adversaries may access the contents/objects stored in cloud infrastructure.

Cloud service providers offer APIs allowing users to enumerate objects stored within cloud storage. Examples include ListObjectsV2 in AWS (Citation: ListObjectsV2) and List Blobs in Azure(Citation: List Blobs) .

Atomic Tests

Atomic Test #1 - AWS S3 Enumeration

This test will enumerate all the S3 buckets in the user account and lists all the files in each bucket.

Supported Platforms: iaas:aws

auto_generated_guid: 3c7094f8-71ec-4917-aeb8-a633d7ec4ef5

Inputs:

None

Attack Commands: Run with sh!

1

for bucket in "$(aws s3 ls | cut -d " " -f3)"; do aws s3api list-objects-v2 --bucket $bucket --output text; done

Dependencies: Run with sh!

Description: Check if ~/.aws/credentials file has a default stanza is configured

Check Prereq Commands:

1

cat ~/.aws/credentials | grep "default"

Get Prereq Commands:

1

echo Please install the aws-cli and configure your AWS default profile using: aws configure

source