Securing AWS Discover Cloud Vulnerabilities via Pentesting Techniques | Beau Bullock скачать в хорошем качестве

Securing AWS Discover Cloud Vulnerabilities via Pentesting Techniques | Beau Bullock

Join us in the Black Hills InfoSec Discord server here:   / discord   to keep the security conversation going! Learn cloud security and penetration testing from Beau Bullock -- https://www.antisyphontraining.com/br... 00:00 - FEATURE PRESENTATION 01:48 - Roadmap 04:45 - AWS- Authentication 06:37 - Management Console 07:10 - Initial Access 08:20 - Public Accessibility of Resources 09:57 - Secrets in Code Repositories 11:24 - Phishing 12:30 - Resource Exploitation 14:00 - Post-Compromise Recon 15:27 - AWS Permissions 17:46 - Identity Vs Resource-based Policies 19:42 - AWS Command Line 24:04 - IAM Policy Enumeration 24:35 - Identifying Public Resources 28:38 - Privilege Escalation 29:14 - Instance Metadata Service 33:34 - User Data & ENV Vars 34:34 - Assume Role Policies 37:04 - Leveraging Scanning Tools 38:00 - Pacu 38:24 - ScoutSuite 39:09 - WeirdAAL 40:01 - DEMO! 54:34 - Resources 55:00 - Key Takeaways 56:04 - The End Description: One of the most interesting things about cloud environments is that they tend to have an underlying API that can be leveraged for management of resources. But this API can also be abused by attackers for malicious purposes. In this Black Hills Information Security (BHIS) webcast, senior security analyst Beau Bullock shows how attackers targeting cloud-based services like Amazon Web Services (AWS) can leverage API access to laterally move from resource to resource. Examples of post-compromise reconnaissance and privilege escalation will be detailed. A multi-resource pivot will be demonstrated to show how cloud-based lateral movement can look. Slides:https://s1hb.sharepoint.com/:b:/g/Con... Black Hills Infosec Socials Twitter:   / bhinfosecurity   Mastodon: https://infosec.exchange/@blackhillsi... LinkedIn:   / antisyphon-training   Discord:   / discord   Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.mysh... Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/ser... Penetration Testing: https://www.blackhillsinfosec.com/ser... Incident Response: https://www.blackhillsinfosec.com/ser... Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pa... Live Training: https://www.antisyphontraining.com/co... On Demand Training: https://www.antisyphontraining.com/on... Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube:    / wildwesthackinfest   Active Countermeasures YouTube:    / activecountermeasures   Antisyphon Training YouTube:    / antisyphontraining   Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/