Pentesting a Pentest Agent Here's What I've Found in AWS Sec...#268

Open
carlospolop wants to merge 1 commit into master from update_Pentesting_a_Pentest_Agent__Here_s_What_I_ve_Found_20260319_130641

@carlospolop
Collaborator

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

🎯 Content Summary

Title/Context: The post analyzes AWS Security Agent (an autonomous AI pentesting agent for web apps) and documents 4 security issues (a 5th is mentioned as pending, not covered). The findings focus on: (1) how VPC/private-target pentests perform domain verification and can be abused to hit public Internet victims, and (2) how a malicious target can trick the agent into executing OS commands...

🔧 Technical Details

Private-network domain verification bypass via split-horizon DNS (“DNS confusion”): If a pentest platform allows testing “Unreachable” domains only when a VPC/private network is configured, and its pre-run verification relies on VPC DNS resolution, an attacker controlling a private DNS zone can: (1) set the target domain’s A record to a private IP (so the platform treats it as in-VPC), (2) set the platform-specific verification TXT (e.g., _aws_securityagent-challenge.<domain>) to pass token checks, then (3) after the pre-run verification step completes, flip the A record to the victim’s public IP. If the platform does not continuously re-verify ownership/DNS consistency and does not re-check “must stay private IP,” the job can be redirected to scan a public Internet target via NAT egress.

Self-compromising autonomous scanners via link-following + shell interpolation: When an autonomous scanner/agent aggressively follow...

🤖 Agent Actions

Summary:
Added a new AWS post-exploitation page documenting abuse patterns from the AWS Security Agent blog (split‑horizon DNS verification confusion, malicious target RCE via link interpolation, HTTP‑tunneled shells, NOPASSWD sudo, Docker socket escape, IMDS credential theft).
Linked the new page from AWS Post Exploitation and added references.

Files changed:

  • src/pentesting-cloud/aws-security/aws-post-exploitation/README.md
  • src/pentesting-cloud/aws-security/aws-post-exploitation/aws-security-agent-abuse/README.md

Tests: Not run (docs-only change).

Next steps:

  1. Review the new page placement and wording to confirm it fits the AWS post‑exploitation section.

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

📚 Repository Maintenance

  • MD files processed: 584
  • MD files fixed: 1

All .md files have been checked for proper formatting (headers, includes, etc.).
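
An added example, not part of the PR or the referenced blog post: a defender-side guard against the A-record flip described under Technical Details, narrowed to address drift (re-checking the TXT challenge is not shown). The function names, the RFC 1918-only policy and the sample resolver answers are assumptions constructed for illustration.

```python
import ipaddress

# Policy assumption: "in-VPC" means RFC 1918 space only. Loopback and
# link-local (e.g. 169.254.169.254) are deliberately not accepted.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_vpc_space(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def verify_target(resolved_ips):
    """Pre-run check. Returns the pinned address set, or raises ValueError."""
    ips = frozenset(resolved_ips)
    if not ips or not all(in_vpc_space(ip) for ip in ips):
        raise ValueError("target must resolve only to private addresses")
    return ips

def check_before_connect(pinned, resolved_ips):
    """Re-check run before every connection. Returns (allowed, reason)."""
    ips = frozenset(resolved_ips)
    if not ips:
        return False, "no-answer"
    outside = sorted(ip for ip in ips if not in_vpc_space(ip))
    if outside:
        return False, "non-private:" + ",".join(outside)
    if not ips <= pinned:
        # Still private, but not an address that passed verification.
        return False, "unpinned:" + ",".join(sorted(ips - pinned))
    return True, "ok"

def replay(timeline):
    """Apply the guard to resolver answers; the first is verification time."""
    pinned = verify_target(timeline[0])
    return [check_before_connect(pinned, answer) for answer in timeline[1:]]

# Constructed resolver answers for one job (documentation addresses).
SAMPLE_TIMELINE = [
    ["10.0.1.25"],        # pre-run verification
    ["10.0.1.25"],        # unchanged
    ["203.0.113.10"],     # A record flipped to a public address
    ["10.0.9.9"],         # private, but not what was verified
    ["169.254.169.254"],  # link-local
]

if __name__ == "__main__":
    for result in replay(SAMPLE_TIMELINE):
        print(result)
```

Connecting to the pinned address directly, rather than re-resolving per request, removes the resolution race this check only narrows.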

@carlospolop
Collaborator Author

🔗 Additional Context

Original Blog Post: https://blog.richardfan.xyz/2026/03/14/pentesting-a-pentest-agent-heres-what-ive-found-in-aws-security-agent.html

Content Categories: Based on the analysis, this content was categorized under "AWS Pentesting -> AWS - Post Exploitation (new subpage: "Abusing AWS Security Agent / Autonomous Scanner Runtimes"), with cross-links from Kubernetes/Containers topics (docker.sock escape) and Cloud SSRF/IMDS credential theft notes".

Repository Maintenance:

  • MD Files Formatting: 584 files processed (1 file fixed)

Review Notes:

  • This content was automatically processed and may require human review for accuracy
  • Check that the placement within the repository structure is appropriate
  • Verify that all technical details are correct and up-to-date
  • All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0
