Securing AWS Discover Cloud Vulnerabilities via Pentesting Techniques | Beau Bullock

Video description: Securing AWS Discover Cloud Vulnerabilities via Pentesting Techniques | Beau Bullock

Learn cloud security and penetration testing from Beau Bullock -- https://www.antisyphontraining.com/br...

00:00 - FEATURE PRESENTATION
01:48 - Roadmap
04:45 - AWS - Authentication
06:37 - Management Console
07:10 - Initial Access
08:20 - Public Accessibility of Resources
09:57 - Secrets in Code Repositories
11:24 - Phishing
12:30 - Resource Exploitation
14:00 - Post-Compromise Recon
15:27 - AWS Permissions
17:46 - Identity Vs Resource-based Policies
19:42 - AWS Command Line
24:04 - IAM Policy Enumeration
24:35 - Identifying Public Resources
28:38 - Privilege Escalation
29:14 - Instance Metadata Service
33:34 - User Data & ENV Vars
34:34 - Assume Role Policies
37:04 - Leveraging Scanning Tools
38:00 - Pacu
38:24 - ScoutSuite
39:09 - WeirdAAL
40:01 - DEMO!
54:34 - Resources
55:00 - Key Takeaways
56:04 - The End

Description: One of the most interesting things about cloud environments is that they tend to have an underlying API that can be leveraged for management of resources. But this API can also be abused by attackers for malicious purposes.

In this Black Hills Information Security (BHIS) webcast, senior security analyst Beau Bullock shows how attackers targeting cloud-based services like Amazon Web Services (AWS) can leverage API access to laterally move from resource to resource. Examples of post-compromise reconnaissance and privilege escalation will be detailed. A multi-resource pivot will be demonstrated to show how cloud-based lateral movement can look.

Slides: https://s1hb.sharepoint.com/:b:/g/Con...
