Capital One Data Breach

•Download as PPTX, PDF•

3 likes•923 views

A short overview of the Capital One Data Breach. This presentation was a component of an online webinar for the Caribbean Developer Month 2019 hosted by the Caribbean Developers Group.

Technology

CAPITAL ONE
DATA BREACH
Hacking a major bank…
On a Public Cloud
Caribbean Developer Month 2019
Presenter: Obika Gellineau

WHAT YOU NEED
TO KNOW
The Background
The Hack
The End

THE
BACKGROUND
• Capital One is a banking holding company that provides credit
cards, auto loans, banking and savings accounts. In 2015, Capital
One announced that all new and existing applications would be
hosted on AWS.
• Between March and July 2019, an unauthorized user (or hacker)
accessed data stored in AWS S3 buckets belonging to Capital
One.
• The hacker exfiltrated the data containing 100 mil customer
records and stored it on GitHub under their real name, Paige
Thompson and boasted about it on their Slack channel under the
username “erratic”.
• Once Capital One learnt about the breach, they contacted the FBI
who arrested the hacker and changed them for “computer fraud
and abuse”.

THE HACK
While searching for AWS instances, the attacker found an EC2
instance working as a reverse proxy.
Using a custom header, the attacker exploited the proxy and
made a service request to enumerate an IAM role, and another
request to obtain the Access Key ID and Secret Access Key
The attacker was able to obtain AWS keys for an IAM role called
****-WAF-Role.
The attacker used the stolen AWS keys to list S3 buckets that
were accessible to that role.
The attacker used AWS CLI sync command to copy data from
the S3 buckets that were accessible to that role.

THE END
• The root cause of this hack was a misconfiguration
of the IAM role permissions for the EC2 instance.
• This hack could have been prevented through an
AWS penetration test.
• The hacker would likely get up to 5 years in prison
and a USD $250,000 fine.
• “Security in the Cloud” is increasingly important as
more companies expand into public / hybrid cloud
offerings.

THANK YOU
Presenter: Obika Gellineau
Twitter: @AntiPhishClub
References:
• The Capital One Breach &
“cloud_breach_s3” CloudGoat Scenario,
Rhino Security Labs,
https://rhinosecuritylabs.com/aws/capital-
one-cloud_breach_s3-cloudgoat/
• Capital One on AWS, AWS,
https://aws.amazon.com/solutions/case-
studies/innovators/capital-one/

What's hot

Vapt life cycle

penetration Tester

Cyber Threat Intelligence

Prachi Mishra

MITRE ATT&CK framework

Bhushan Gurav

Cyber Threat Intelligence

mohamed nasri

Security Information and Event Management (SIEM)

k33a

Recently, NTT published the Global Threat Intelligence Report 2016 (GTIR). This year’s report focused both on the changes in threat trends and on how security organizations around the world can use the kill chain to help defend the enterprise. Turning threat intelligence data from multiple sources into actionable, contextual information is a challenge faced by many organizations today. The Global Threat Intelligence Platform provides increased efficiency, reduces risks and focuses on global coverage with accurate and up-to-date threat intelligence. This presentation was given at Carnegie Mellon University by Kenji Takahashi, VP of Product Management, Security at NTT Innovation Institute.

Global Cyber Threat Intelligence

NTT Innovation Institute Inc.

AI and the Impact on Cybersecurity

Graham Mann

Cybersecurity | Risk. Impact. Innovations.

Vertex Holdings

How MITRE ATT&CK helps security operations

Sergey Soldatov

The role of big data, artificial intelligence and machine learning in cyber i...

Aladdin Dandis

From ATT&CKcon 3.0 By Fred Frey and Jonathan Mulholland, SnapAttack Atomic Red Team and Sigma are the largest open-source attack simulation and analytic projects. Many organizations utilize one or both internally for security controls validation or supplementing their detections and alerts. Building on the work from these two great communities, we smashed (scientific-term) the attacks and analytics together and applied data science to analyze the results. We'll describe our methodology and testing framework, show the real-world MITRE ATT&CK coverage and gaps, discuss our algorithms for calculating analytic similarity, identifying log sources for a technique, and determining the best analytics to deploy that maximizes ATT&CK coverage. This project aims to: - Bring a measurable testing rigor to community analytics to improve adoption - Test every analytic against every attack, validating the true positive detection - Understand the log sources required to detect specific attack techniques - Apply data science to identify analytic similarity (reduce community duplication) - Identify gaps between the projects' analytics without attack simulations; attack simulations without detections; missing or incorrect MITRE ATT&CK labels, etc - Automate the process so insights can stay up to date with new attack/analytic contributions over time - Share our analysis back to the community to improve these projects

ATT&CKing the Red/Blue Divide

MITRE ATT&CK

VAPT PRESENTATION full.pptx

DARSHANBHAVSAR14

Cyber Kill Chain Deck for General Audience

Tom K

Analysing Ransomware

Napier University

SOC Architecture Workshop - Part 1

Priyanka Aash

Cyber threat intelligence ppt

Kumar Gaurav

Cyber security awareness

Jason Murray

From MITRE ATT&CKcon Power Hour December 2020 By Hieu Tran, Threat Detection Team Lead FPT Cybersecurity Division No matter how sophisticated and thorough your security precautions may be, you cannot assume your security measures are impenetrable. This is why you need a threat hunting program in place. But how can we implement a proper threat hunting program and run it efficiently? In this talk, we will uncover how to sharpen your threat hunting strategy by leveraging ATT&CK. Ultimately, we’ll be demonstrating how effectively employing the hunting methodology in the real-world battlefield, fighting against well-known cyber espionage actors who strongly focus on Southeast Asian countries like Vietnam, the Philippines, Laos, and Cambodia.

Sharpening your Threat-Hunting Program with ATTACK Framework

MITRE - ATT&CKcon

Banks and cybersecurity v2

Semir Ibrahimovic

From ATT&CKcon 3.0 By Lindsay Kaye and Scott Small, Recorded Future Many organizations ask: "Where do I start, and where do I go next" when prioritizing implementation of behavior-based detections? We often hear "use threat intelligence!" but your goals must be qualified and quantified in order to properly prioritize the most relevant TTPs. A wealth of open-sourced, ATT&CK-mapped resources now exists, giving security teams greater access to both detections and red team tests they can implement, but intelligence (also aligned with ATT&CK), is essential to provide necessary context to ensure that detection efforts are focused effectively. This session will discuss a new approach to the prioritization challenge, starting with an analysis of the current defensive landscape, as measured by ATT&CK coverage for more than a dozen detection repositories and technologies, and guidance on sourcing TTP intelligence. The team will then show how real-world defensive strategies can be strengthened by encompassing a full-spectrum view of threat detection, including the implementation of YARA, Sigma, and Snort in security appliances. Critically, alignment of both intelligence and defenses with ATT&CK enables defenders to move the focus of detection efforts to indications of malicious behavior before the final payload is deployed, where controls are most effective at preventing serious damage to the organization.

It's just a jump to the left (of boom): Prioritizing detection implementation...

MITRE ATT&CK

What's hot (20)

Vapt life cycle

Cyber Threat Intelligence

MITRE ATT&CK framework

Cyber Threat Intelligence

Security Information and Event Management (SIEM)

Global Cyber Threat Intelligence

AI and the Impact on Cybersecurity

Cybersecurity | Risk. Impact. Innovations.

How MITRE ATT&CK helps security operations

The role of big data, artificial intelligence and machine learning in cyber i...

ATT&CKing the Red/Blue Divide

VAPT PRESENTATION full.pptx

Cyber Kill Chain Deck for General Audience

Analysing Ransomware

SOC Architecture Workshop - Part 1

Cyber threat intelligence ppt

Cyber security awareness

Sharpening your Threat-Hunting Program with ATTACK Framework

Banks and cybersecurity v2

It's just a jump to the left (of boom): Prioritizing detection implementation...

Similar to Capital One Data Breach

Cloud security best practices in AWS by: Ankit Giri

OWASP Delhi

With AWS CloudTrail, you can get log files of AWS API calls for your account. CloudTrail enables you to perform security analysis, track resource changes, and aid in compliance reporting. In this webinar you will learn how CloudTrail collects and stores your AWS log files so that software from AWS Technology Partner Splunk can be used as a Big Data Security Information and Event Management (SIEM) system. You will hear how AWS log files are made available for many security use cases, including incident investigations, security and compliance reporting, and threat detection/alerting. You will also hear from a joint Splunk/AWS customer, FINRA, who will explain how they leverage Splunk in AWS to support their cloud efforts. What you'll learn: • Why the machine data from AWS CloudTrail is relevant to security and compliance • How to visualize data from AWS CloudTrail to monitor and audit security-related activity • How AWS CloudTrail data can be combined with machine data from other sources in your IT infrastructure, including the OS and apps in your AWS images, for a wide range of operational and security use cases • How the combination of AWS CloudTrail and Splunk Software improve your uptime, accelerate security and operational investigations, and simplify compliance.

AWS Partner Webcast - Use Your AWS CloudTrail Data and Splunk Software To Imp...

Amazon Web Services

AWS Technical Day Riyadh Nov 2019 - The art of mastering data protection on aws

AWS Riyadh User Group

AWS Identity Access Management

Richard Harvey

Identity and Access Management and Directory Services

Amazon Web Services

Securing the Skies: Navigating Cloud Security Challenges and Beyond

Praveen Nair

Continuation of the v1 presentation with new slides for the v2 instance metadata service. Cloud Metadata Services are popular targets for attackers trying to gain direct access to an organization’s cloud resources. The Capital One breach notification published in July put a spotlight on the metadata service and its weaknesses. Using publicly available information from the breach, we will demonstrate how the attacker compromised AWS instance metadata credentials, gained access to privileged resources, and exfiltrated data from the account. The conversation then shifts to a post mortem discussion about cloud security controls that could have prevented or limited the blast radius of the attack.

Cloud Security: Attacking The Metadata Service v2

Puma Security, LLC

In this session, learn how AWS thinks about threat detection and remediation. We summarize the challenges of traditional threat detection efforts and explain how AWS helps address these challenges. We also provide an overview of key AWS services that detect and remediate threats to AWS. Finally, Terren Peterson, the VP of Software Engineering at Capital One, shares how his organization detects and remediates threats using Amazon GuardDuty and other AWS services.

Threat Detection and Mitigation at Scale on AWS

Amazon Web Services

Identity and access control for custom enterprise applications - SDD412 - AWS...

Amazon Web Services

As you continually evolve your use of the AWS platform, it’s important to consider ways to improve your security posture and take advantage of new security services and features. In this advanced session, we share architectural patterns for meeting common challenges, service limits and tips, tricks, and ways to continually evaluate your architecture against best practices. Automation and tools are featured throughout, and there will be code giveaways! Be prepared for a technically deep session on AWS security.

Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019

Amazon Web Services

Part 3 of 3. This free, one-day training will provide a step-by-step introduction to the core AWS services for compute, storage, database, and networking. AWS technical experts will explain key features and use cases, share best practices, walk through technical demos, and be available to answer your questions one-on-one. Who should attend? AWSome Day is ideal for IT managers, system engineers, system administrators, and architects who are eager to learn more about cloud computing and how to get started on the AWS Cloud.

AWS Security, IAM, Databases, Elasticity, Management Tools - AWSome Day Phila...

Amazon Web Services

Cloud Metadata Services are popular targets for attackers trying to gain direct access to an organization’s cloud resources. The Capital One breach notification published in July put a spotlight on the metadata service and its weaknesses. Using publicly available information from the breach, we will demonstrate how the attacker compromised AWS instance metadata credentials, gained access to privileged resources, and exfiltrated data from the account. The conversation then shifts to a post mortem discussion about cloud security controls that could have prevented or limited the blast radius of the attack.

Cloud Security: Attacking The Metadata Service

Puma Security, LLC

test-sgsgsgs.pptx

shramangupta2

In this session, we provide an overview of how AWS thinks about threat detection and remediation. We summarize the challenges of traditional threat detection efforts and explain how AWS helps address these challenges. We also provide an overview of key AWS services that can be used to detect and remediate threats to AWS. Finally, we conclude with examples of threat detection and remediation on AWS and an provide an opportunity for key service demos.

SID301 Threat Detection and Mitigation

Amazon Web Services

This workshop provides a hands-on opportunity for you to learn to use machine learning (ML) via Amazon SageMaker in your security pipeline. You are guided through the process of feeding data from AWS CloudTrail and Amazon GuardDuty into Amazon SageMaker in order to augment GuardDuty findings. You’ll receive an introduction to Amazon SageMaker and leverage the IP Insights algorithm to train a model based on IP addresses in the CloudTrail logs. This model is used to score IP addresses from GuardDuty findings to gain additional threat information about alerts, enabling security operators to better prioritize alerts for further action.

Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...

Amazon Web Services

Developing on AWS - Crypto Startup

Amazon Web Services

In this chalk talk, we discuss why using temporary security credentials to manage access to your AWS resources is an AWS Identity and Access Management (AWS IAM) best practice. IAM roles help you follow this best practice by delivering and rotating temporary credentials automatically. We discuss the different types of IAM roles, the assume role functionality, and how to author fine-grained trust and access policies that limit the scope of IAM roles. We then show you how to attach IAM roles to your AWS resources, such as Amazon EC2 instances and AWS Lambda functions. We also discuss migrating applications that use long-term AWS access keys to temporary credentials managed by IAM roles.

Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...

Amazon Web Services

Leadership Session: AWS Security (SEC305-L) - AWS re:Invent 2018

Amazon Web Services

Amazon S3 and Amazon S3 Glacier provide some of the most enhanced data-security features available in the cloud today. In this chalk talk, learn directly from the AWS engineering team that builds and maintains Amazon S3 security functionality, like encryption, public-access visibility, and much more. We will consider your feedback, address your questions, and mine your expertise to discuss innovative ways of ensuring your data is available only to the users and applications that need it.

Deep dive on security in Amazon S3 - STG304 - Chicago AWS Summit

Amazon Web Services

Data exfiltration is a key concern for financial institutions, which often store personally identifiable information, payment card information, and proprietary methods or algorithms. Balancing security and agility in identity and access management (IAM) policies is critical. To achieve this balance, Millennium Management developed a security framework that integrates into CI/CD pipelines. This framework utilizes semantic reasoning, proprietary security evaluations, and AWS Zelkova to achieve provably secure IAM policies pre-deployment in a distributed, multi-account environment. Learn how Millennium combined Zelkova with services such as AWS Step Functions, AWS Lambda, and AWS CodePipeline—for rapid development while mitigating data exfiltration risk.

How Millennium Management achieves provable security with AWS Zelkova - FSV30...

Amazon Web Services

Similar to Capital One Data Breach (20)

Cloud security best practices in AWS by: Ankit Giri

AWS Partner Webcast - Use Your AWS CloudTrail Data and Splunk Software To Imp...

AWS Technical Day Riyadh Nov 2019 - The art of mastering data protection on aws

AWS Identity Access Management

Identity and Access Management and Directory Services

Securing the Skies: Navigating Cloud Security Challenges and Beyond

Cloud Security: Attacking The Metadata Service v2

Threat Detection and Mitigation at Scale on AWS

Identity and access control for custom enterprise applications - SDD412 - AWS...

Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019

AWS Security, IAM, Databases, Elasticity, Management Tools - AWSome Day Phila...

Cloud Security: Attacking The Metadata Service

test-sgsgsgs.pptx

SID301 Threat Detection and Mitigation

Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...

Developing on AWS - Crypto Startup

Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...

Leadership Session: AWS Security (SEC305-L) - AWS re:Invent 2018

Deep dive on security in Amazon S3 - STG304 - Chicago AWS Summit

How Millennium Management achieves provable security with AWS Zelkova - FSV30...

Recently uploaded

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Civil Lines Women Seeking Men

Delhi Call girls

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Histor y of HAM Radio presentation slide

vu2urc

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Choosing the right accounts payable services provider is a strategic decision that can significantly impact your business's financial performance and operational efficiency. By considering factors such as expertise, range of services, technology infrastructure, scalability, cost, and reputation, businesses can make informed decisions and select a provider that aligns with their unique needs and objectives. Partnering with the right provider can streamline accounts payable processes, drive cost savings, and position your business for long-term success. https://katprotech.com/accounts-payable-and-purchase-order-automation/

Factors to Consider When Choosing Accounts Payable Services Providers.pptx

Katpro Technologies

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

How to convert PDF to text with Nanonets

naman860154

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

Microsoft's Threat Matrix for Kubernetes helps organizations understand the attack surface a Kubernetes deployment introduces to their environments. This ensures that adequate detections and mitigations are in place. By covering over 40 different attacker techniques, defenders can learn about Kubernetes-specific mitigations and controls to deploy to their environments. In this session, we will explore the MS-TA9013 Host Path Mount technique, which is commonly used by attackers to perform privilege escalation in a Kubernetes cluster. Attendees will learn how attackers and defenders can: * Escape the container's host volume mount to gain persistence on an underlying node * Move laterally from the underlying node into the customer's cloud environment * Analyze Kubernetes audit logs to detect pods deployed with a hostPath mount * Deploy an admission controller that prevents new pods from using a hostPath mount

Breaking the Kubernetes Kill Chain: Host Path Mount

Puma Security, LLC

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Explore 'The Codex of Business: Writing Software for Real-World Solutions,' a compelling SlideShare presentation that delves into digital transformation in healthcare. Discover through a detailed case study how Agile methodologies empower healthcare providers to develop, iterate, and refine digital solutions that address real-world challenges. Learn how strategic planning, user feedback, and continuous improvement drive success in deploying technologies that enhance patient care and operational efficiency. Ideal for healthcare professionals, IT specialists, and digital transformation advocates seeking actionable insights and practical examples of technology making a real difference.

The Codex of Business Writing Software for Real-World Solutions 2.pptx

Malak Abu Hammad

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Recently uploaded (20)

Data Cloud, More than a CDP by Matt Robison

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

08448380779 Call Girls In Civil Lines Women Seeking Men

Artificial Intelligence: Facts and Myths

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Histor y of HAM Radio presentation slide

2024: Domino Containers - The Next Step. News from the Domino Container commu...

🐬 The future of MySQL is Postgres 🐘

How to Troubleshoot Apps for the Modern Connected Worker

Factors to Consider When Choosing Accounts Payable Services Providers.pptx

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

How to convert PDF to text with Nanonets

Exploring the Future Potential of AI-Enabled Smartphone Processors

Advantages of Hiring UIUX Design Service Providers for Your Business

Breaking the Kubernetes Kill Chain: Host Path Mount

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

The Codex of Business Writing Software for Real-World Solutions 2.pptx

What Are The Drone Anti-jamming Systems Technology?

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Boost Fertility New Invention Ups Success Rates.pdf

Capital One Data Breach

1. CAPITAL ONE DATA BREACH Hacking a major bank… On a Public Cloud Caribbean Developer Month 2019 Presenter: Obika Gellineau

2. WHAT YOU NEED TO KNOW The Background The Hack The End

3. THE BACKGROUND • Capital One is a banking holding company that provides credit cards, auto loans, banking and savings accounts. In 2015, Capital One announced that all new and existing applications would be hosted on AWS. • Between March and July 2019, an unauthorized user (or hacker) accessed data stored in AWS S3 buckets belonging to Capital One. • The hacker exfiltrated the data containing 100 mil customer records and stored it on GitHub under their real name, Paige Thompson and boasted about it on their Slack channel under the username “erratic”. • Once Capital One learnt about the breach, they contacted the FBI who arrested the hacker and changed them for “computer fraud and abuse”.

4. THE HACK While searching for AWS instances, the attacker found an EC2 instance working as a reverse proxy. Using a custom header, the attacker exploited the proxy and made a service request to enumerate an IAM role, and another request to obtain the Access Key ID and Secret Access Key The attacker was able to obtain AWS keys for an IAM role called ****-WAF-Role. The attacker used the stolen AWS keys to list S3 buckets that were accessible to that role. The attacker used AWS CLI sync command to copy data from the S3 buckets that were accessible to that role.

5. THE END • The root cause of this hack was a misconfiguration of the IAM role permissions for the EC2 instance. • This hack could have been prevented through an AWS penetration test. • The hacker would likely get up to 5 years in prison and a USD $250,000 fine. • “Security in the Cloud” is increasingly important as more companies expand into public / hybrid cloud offerings.

6. THANK YOU Presenter: Obika Gellineau Twitter: @AntiPhishClub References: • The Capital One Breach & “cloud_breach_s3” CloudGoat Scenario, Rhino Security Labs, https://rhinosecuritylabs.com/aws/capital- one-cloud_breach_s3-cloudgoat/ • Capital One on AWS, AWS, https://aws.amazon.com/solutions/case- studies/innovators/capital-one/

Capital One Data Breach

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Capital One Data Breach

Similar to Capital One Data Breach (20)

More from Obika Gellineau

More from Obika Gellineau (6)

Recently uploaded

Recently uploaded (20)

Capital One Data Breach