Class 16 Read: Cloud Identity and Access Management (IAM) with AWS - taylortommy23/401-Reading-Notes GitHub Wiki

What were the three commands used for the attack?

  • Scanning for Misconfigured Web Application Firewalls (WAFs)
  • Exploiting a Server-Side Request Forgery (SSRF) Vulnerability
  • Executing Unauthorized Data Access and Exfiltration Commands

What misconfiguration of AWS components allowed the attacker to access sensitive data?

  • They consist of S3 Bucket Misconfigurations, IAM Role Misconfigurations, and Security Group and Network Access Control Lists (NACLs) Misconfigurations.

What are two of the AWS Governance practices that could have prevented such an attack?

  • The two practices they could have used were the Principle of Least Privilege (PoLP) with Identity and Access Management (IAM) and Continuous Monitoring and Logging.

Resource: https://www.zscaler.com/resources/white-papers/capital-one-data-breach.pdf