AWS IAM PrivEsc to S3 data - Cybr CTF Walkthrough

Скачать AWS IAM PrivEsc to S3 data - Cybr CTF Walkthrough бесплатно в качестве 4к (2к / 1080p)

У нас вы можете скачать бесплатно AWS IAM PrivEsc to S3 data - Cybr CTF Walkthrough или посмотреть видео с ютуба в максимальном доступном качестве.

Для скачивания выберите вариант из формы ниже:

Cкачать музыку AWS IAM PrivEsc to S3 data - Cybr CTF Walkthrough бесплатно в формате MP3:

Если иконки загрузки не отобразились, ПОЖАЛУЙСТА, НАЖМИТЕ ЗДЕСЬ или обновите страницу
Если у вас возникли трудности с загрузкой, пожалуйста, свяжитесь с нами по контактам, указанным в нижней части страницы.
Спасибо за использование сервиса video2dn.com

Описание к видео AWS IAM PrivEsc to S3 data - Cybr CTF Walkthrough

This is a walk through for a Lab CTF called iam:CreateAccessKey where we exploit the lab’s misconfigured IAM policy to elevate our privileges in a sandboxed AWS environment. You’ve successfully captured the flag once you’ve accessed and downloaded sensitive files containing (fake) customer PII in Amazon S3.

🚨Disclaimer
What is shown in this video is purely for educational purposes. This type of information should only ever be used for ethical purposes and to stop attackers. It should not be performed against resources you do not have explicit permissions for. We do not condone using the information in this video for any other purposes.

📑 Resources 📑
Lab CTF link: https://cybr.com/courses/iam-privileg...
Lab CTF step-by-step solution: https://cybr.com/courses/iam-privileg...
IAM PrivEsc Labs Course: https://cybr.com/courses/iam-privileg...

➡️ Get full access to Cybr's Hands-On Labs and AWS security training courses: https://cybr.com/pricing

⏰ Timestamps ⏰
00:00 - 00:47 - Intro
00:48 - 02:57 - Configure your AWS CLI
02:58 - 03:37 - About the CTF
03:37 - 04:44 - About iam:CreateAccessKey
04:44 - 05:01 - create-acces-key CLI command
05:02 - 06:28 - Enumerating the AWS environment
06:29 - 06:59 - How IAM Users get permissions
07:00 - 07:45 - Enumerating IAM Groups
07:46 - 08:10 - Enumerating Group policies
08:11 - 09:15 - Knowing what commands to use
09:16 - 09:53 - Get group policy
09:54 - 11:07 - Evaluating our user’s policy
11:08 - 11:31 - Listing users
11:32 - 12:10 - List the victim’s access keys
12:11 - 13:03 - Create an access key
13:04 - 13:38 - Configure the victim profile
13:39 - 14:42 - Demonstrate impact to your client
14:43 - 16:12 - Enumerating managed and inline policies
16:13 - 16:22 - Evaluating the S3 policy
16:23 - 16:48 - Enumerating permissions without looking at policies
16:49 - 17:26 - Listing S3 buckets and objects
17:27 - 18:07 - Download (fake) PII S3 data
18:08 - 20:24 - Preventing this attack and best practices
20:25 - 21:32 - Conclusion and additional CTFs