Attacking AWS: the full cyber kill chain | SANS Cloud & DevOps Security Summit 2020
Interested in more great talks like this? SANS CloudSecNext FREE Global Summit is coming up June 3-4. Learn more and register here: https://www.sans.org/u/1dhq
While it is quite common practice to do periodic security assessments of local network, it is really rare to find a company who puts the same effort for testing the security in their cloud. According to Gartner report: through 2022, at least 95% of cloud security failures will be the customer’s fault. This is why we have to understand what new threats and risks appeared with the cloud and how should we change our attitude to testing cloud security.
The goal of my presentation is to show how security assessment of cloud infrastructure is different from testing environments in classic architecture. I'll demonstrate a hypothetical attack on a company which is fully deployed in the AWS environment. I’m going to show whole kill chain starting from presenting cloud-applicable reconnaissance techniques. Then I’ll attack the Jenkins server hosted on EC2 instance to access its metadata and steal the access keys. Using the assigned role, I’ll access another AWS service to escalate privileges to administrator and then present how to hide fingerprints in CloudTrail service. Finally, I’ll demonstrate various techniques of silent exfiltrating data from AWS environment, setting up persistent access and describe other potential, cloud-specific threats, e.g. cryptojacking.
The presentation shows practical aspects of attacking cloud services and each step of the kill chain will be presented in a form of live demo. On the examples of presented attacks, I’ll show how to use AWS exploitation framework Pacu and other handy scripts.
Speaker: Pawel Rzepa, @Rzepsky, Senior Security Specialist, SecuRing
View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at http://www.sans.org/u/195g
Видео Attacking AWS: the full cyber kill chain | SANS Cloud & DevOps Security Summit 2020 канала SANS Cloud Security
While it is quite common practice to do periodic security assessments of local network, it is really rare to find a company who puts the same effort for testing the security in their cloud. According to Gartner report: through 2022, at least 95% of cloud security failures will be the customer’s fault. This is why we have to understand what new threats and risks appeared with the cloud and how should we change our attitude to testing cloud security.
The goal of my presentation is to show how security assessment of cloud infrastructure is different from testing environments in classic architecture. I'll demonstrate a hypothetical attack on a company which is fully deployed in the AWS environment. I’m going to show whole kill chain starting from presenting cloud-applicable reconnaissance techniques. Then I’ll attack the Jenkins server hosted on EC2 instance to access its metadata and steal the access keys. Using the assigned role, I’ll access another AWS service to escalate privileges to administrator and then present how to hide fingerprints in CloudTrail service. Finally, I’ll demonstrate various techniques of silent exfiltrating data from AWS environment, setting up persistent access and describe other potential, cloud-specific threats, e.g. cryptojacking.
The presentation shows practical aspects of attacking cloud services and each step of the kill chain will be presented in a form of live demo. On the examples of presented attacks, I’ll show how to use AWS exploitation framework Pacu and other handy scripts.
Speaker: Pawel Rzepa, @Rzepsky, Senior Security Specialist, SecuRing
View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at http://www.sans.org/u/195g
Видео Attacking AWS: the full cyber kill chain | SANS Cloud & DevOps Security Summit 2020 канала SANS Cloud Security
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
AWS re:Invent 2020: Ransomware: Be prepared
12. x33fcon 2019 - Attacking AWS: the full cyber kill chain by Paweł Rzepa
A Cloud Security Architecture Workshop
Integrating Policy as code into your CI/CD pipeline | SANS Cloud & DevOps Security Summit 2020
Hacking the Cloud: Exploiting AWS Misconfigurations
AWS re:Invent 2020: AWS security: Where we’ve been, where we’re going
How to Easily Setup Application Monitoring for Your AWS Workloads - AWS Online Tech Talks
Architecting for Threat Hunting | SANS Cloud & DevOps Security Summit 2020
Using An Expanded Cyber Kill Chain Model to Increase Attack Resiliency
Kubernetes in 5 mins
Incident Response in the Cloud (AWS) - SANS Digital Forensics & Incident Response Summit 2017
Build a Blockchain Track-and-Trace Application on AWS
How to Install and Deploy Kali Pentesting Tool Suite in AWS - Fast and FREE
Cover Your SaaS: Practical SaaS Security Tips
AWS Cloud Security & Compliance
Cloud Static Analysis Showdown
AWS Athena Tutorial l Athena Hands On LAB | Athena + Glue + S3 Data Lake | Athena AWS Tutorials
The Top 10 Tools For Cloud Penetration Testing - Michael Born
Cyber&Data: Network Forensics and Protocols![AWS re:Invent 2019: [REPEAT 1] Deep dive into Amazon Athena (ANT307-R1)](https://i.ytimg.com/vi/tzoXRRCVmIQ/default.jpg)
AWS re:Invent 2019: [REPEAT 1] Deep dive into Amazon Athena (ANT307-R1)