During a cloud security assessment, enumeration is a critical phase. It allows you to understand your current permissions, map out the available attack surface, and identify potential misconfigurations or exposed sensitive data. This writeup walks through a hands-on lab demonstrating how to perform credential enumeration, list secrets, and extract sensitive payloads using the AWS CLI.
Part 1: Initial Identity Enumeration
Every cloud security assessment begins with determining who you are in the environment. Using an acquired set of AWS access keys, the first step is to call the Security Token Service (STS) to get the current identity context.
aws sts get-caller-identity --profile SecretsManagerEnum
Enter fullscreen mode







