Attacking AWS: the full cyber kill chain | SANS Cloud & DevOps Security Summit 2020
Interested in more great talks like this? SANS CloudSecNext FREE Global Summit is coming up June 3-4. Learn more and register here: https://www.sans.org/u/1dhq
While it is quite common practice to do periodic security assessments of local network, it is really rare to find a company who puts the same effort for testing the security in their cloud. According to Gartner report: through 2022, at least 95% of cloud security failures will be the customer’s fault. This is why we have to understand what new threats and risks appeared with the cloud and how should we change our attitude to testing cloud security.
The goal of my presentation is to show how security assessment of cloud infrastructure is different from testing environments in classic architecture. I'll demonstrate a hypothetical attack on a company which is fully deployed in the AWS environment. I’m going to show whole kill chain starting from presenting cloud-applicable reconnaissance techniques. Then I’ll attack the Jenkins server hosted on EC2 instance to access its metadata and steal the access keys. Using the assigned role, I’ll access another AWS service to escalate privileges to administrator and then present how to hide fingerprints in CloudTrail service. Finally, I’ll demonstrate various techniques of silent exfiltrating data from AWS environment, setting up persistent access and describe other potential, cloud-specific threats, e.g. cryptojacking.
The presentation shows practical aspects of attacking cloud services and each step of the kill chain will be presented in a form of live demo. On the examples of presented attacks, I’ll show how to use AWS exploitation framework Pacu and other handy scripts.
Speaker: Pawel Rzepa, @Rzepsky, Senior Security Specialist, SecuRing
View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at http://www.sans.org/u/195g
Видео Attacking AWS: the full cyber kill chain | SANS Cloud & DevOps Security Summit 2020 канала SANS Cloud Security
While it is quite common practice to do periodic security assessments of local network, it is really rare to find a company who puts the same effort for testing the security in their cloud. According to Gartner report: through 2022, at least 95% of cloud security failures will be the customer’s fault. This is why we have to understand what new threats and risks appeared with the cloud and how should we change our attitude to testing cloud security.
The goal of my presentation is to show how security assessment of cloud infrastructure is different from testing environments in classic architecture. I'll demonstrate a hypothetical attack on a company which is fully deployed in the AWS environment. I’m going to show whole kill chain starting from presenting cloud-applicable reconnaissance techniques. Then I’ll attack the Jenkins server hosted on EC2 instance to access its metadata and steal the access keys. Using the assigned role, I’ll access another AWS service to escalate privileges to administrator and then present how to hide fingerprints in CloudTrail service. Finally, I’ll demonstrate various techniques of silent exfiltrating data from AWS environment, setting up persistent access and describe other potential, cloud-specific threats, e.g. cryptojacking.
The presentation shows practical aspects of attacking cloud services and each step of the kill chain will be presented in a form of live demo. On the examples of presented attacks, I’ll show how to use AWS exploitation framework Pacu and other handy scripts.
Speaker: Pawel Rzepa, @Rzepsky, Senior Security Specialist, SecuRing
View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at http://www.sans.org/u/195g
Видео Attacking AWS: the full cyber kill chain | SANS Cloud & DevOps Security Summit 2020 канала SANS Cloud Security
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
![AWS re:Invent 2020: Ransomware: Be prepared](https://i.ytimg.com/vi/JQ4LWp3Bf20/default.jpg)
![12. x33fcon 2019 - Attacking AWS: the full cyber kill chain by Paweł Rzepa](https://i.ytimg.com/vi/Orzi8DNU_F0/default.jpg)
![A Cloud Security Architecture Workshop](https://i.ytimg.com/vi/4TxvqZFMaoA/default.jpg)
![Integrating Policy as code into your CI/CD pipeline | SANS Cloud & DevOps Security Summit 2020](https://i.ytimg.com/vi/sUNhRHQ2YrY/default.jpg)
![Hacking the Cloud: Exploiting AWS Misconfigurations](https://i.ytimg.com/vi/0PhKK-GHgBI/default.jpg)
![AWS re:Invent 2020: AWS security: Where we’ve been, where we’re going](https://i.ytimg.com/vi/ScybA4Zb4kA/default.jpg)
![How to Easily Setup Application Monitoring for Your AWS Workloads - AWS Online Tech Talks](https://i.ytimg.com/vi/LKCth30RqnA/default.jpg)
![Architecting for Threat Hunting | SANS Cloud & DevOps Security Summit 2020](https://i.ytimg.com/vi/axS_xivpQWE/default.jpg)
![Using An Expanded Cyber Kill Chain Model to Increase Attack Resiliency](https://i.ytimg.com/vi/1Dz12M7u-S8/default.jpg)
![Kubernetes in 5 mins](https://i.ytimg.com/vi/PH-2FfFD2PU/default.jpg)
![Incident Response in the Cloud (AWS) - SANS Digital Forensics & Incident Response Summit 2017](https://i.ytimg.com/vi/VLIFasM8VbY/default.jpg)
![Build a Blockchain Track-and-Trace Application on AWS](https://i.ytimg.com/vi/x-AjS-WuF2Q/default.jpg)
![How to Install and Deploy Kali Pentesting Tool Suite in AWS - Fast and FREE](https://i.ytimg.com/vi/ASkeQlZLLfM/default.jpg)
![Cover Your SaaS: Practical SaaS Security Tips](https://i.ytimg.com/vi/6uYluC7JMeY/default.jpg)
![AWS Cloud Security & Compliance](https://i.ytimg.com/vi/gHM5aItFdrc/default.jpg)
![Cloud Static Analysis Showdown](https://i.ytimg.com/vi/0YnUyYP5RZM/default.jpg)
![AWS Athena Tutorial l Athena Hands On LAB | Athena + Glue + S3 Data Lake | Athena AWS Tutorials](https://i.ytimg.com/vi/8VOf1PUFE0I/default.jpg)
![The Top 10 Tools For Cloud Penetration Testing - Michael Born](https://i.ytimg.com/vi/K8BfA8lzca8/default.jpg)
![Cyber&Data: Network Forensics and Protocols](https://i.ytimg.com/vi/pEfejwf_M80/default.jpg)
![AWS re:Invent 2019: [REPEAT 1] Deep dive into Amazon Athena (ANT307-R1)](https://i.ytimg.com/vi/tzoXRRCVmIQ/default.jpg)