xebia.com
Michał Brygidyn
AWS Ambassador
AWS Community Builder
Cloud Hacking Scenarios
AWS Community Day Midwest
Chicago – 15.06.2023
<HTML>

HTML – AWS

Step 1 – HTML (source code)
1. Just view the source code :)
– Comments
– JavaScript

Step 2 – AWS
─ Administrator Access :)

What went wrong?
Code, build, forget, repeat…
Sensitive data left in code
─ “for the next team to let them know how it works”
─ “because that’s how I use variables in my JavaScript”
GitHub

GitHub – Office 365 – Jira – AWS

Step 1 – Public GitHub repo
1. Config file with encrypted variables
2. Java class with a decrypt function and… a secret key

Step 2 – Office365
1. Teams:
─ “Hello CxO :)”
2. SharePoint:
─ PDF with a Jira configuration guide…
─ … including login and password

Step 3 – Jira
Project “AWS”:
─ Task to create IAM User for an external service
─ Plaintext AWS Access and Secret keys in comments

Step 4 – AWS
─ Administrator Access :)

What went wrong?
Hardcoded sensitive data
─ Config files
─ Encryption keys
─ Git history
Lack of security awareness
─ Too many viewers
─ Valid credentials in documentation
─ Using own personal/business account in scripts
Bad tool selection
─ Public repository
─ Risky credentials sharing
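The HTML and GitHub chains both start with credentials sitting in artifacts that anyone can read: page source, a committed config file with its decryption key next to it, a Jira comment, a Jenkins console log. The control that catches this before it ships is a secret scan in a pre-commit hook or CI step. The following Python scanner is an added example written for this page; it is not code from the talk or from Xebia. It flags AWS access key IDs (the public `AKIA` prefix) and 40-character secret keys, password assignments, hardcoded key constants and credential words inside HTML comments, and it adds a repository-level finding when config values are wrapped in `ENC(...)` but a key constant is committed alongside them. The sample files, file names and the key values (AWS's documentation placeholder key) are all constructed, and the report masks every match so it never re-leaks what it found.

```python
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    evidence: str  # masked; the report must not re-leak the secret


# Constructed sample repository (not from the talk): a page with a leaked comment and
# JavaScript variables, "encrypted" config beside the Java class holding its key,
# a Jira guide with a login, a Jira comment with AWS keys, and a Jenkins console log.
SAMPLES = {
    "index.html": (
        "<!-- for the next team: the admin password is Winter2023! -->\n"
        '<script>var accessKey = "AKIAIOSFODNN7EXAMPLE";</script>\n'
        '<script>var secretKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";</script>\n'
    ),
    "config.properties": "db.password=ENC(3q2+7w==)\napi.token=ENC(Zm9vYmFy)\n",
    "Crypto.java": (
        'private static final String SECRET_KEY = "s3cr3t-k3y-2023";\n'
        "public static String decrypt(String value) { /* AES with SECRET_KEY */ return null; }\n"
    ),
    "jira-guide.txt": "Jira service account\nlogin: svc_jira\npassword: Jira2023!\n",
    "jira-comment.txt": (
        "Created the IAM user for the external service:\n"
        "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
        "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    ),
    "jenkins-console.log": (
        "+ export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "+ aws sts get-caller-identity\n"
    ),
}

# Line-level rules. The AKIA prefix and the 40-character secret are AWS's documented
# key formats; the other patterns are generic heuristics with a captured value group.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "aws-secret-access-key": re.compile(
        r"(?i)aws[_-]?secret[_-]?access[_-]?key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})"),
    "password-assignment": re.compile(
        r"(?i)\b(?:password|passwd|pwd)\b\s*[=:]\s*['\"]?([^\s'\"]{6,})"),
    "hardcoded-key-constant": re.compile(
        r"(?i)\b(?:secret|private|encryption)[_-]?key\b\s*=\s*['\"]([^'\"]{8,})['\"]"),
}
ENCRYPTED_VALUE = re.compile(r"ENC\([A-Za-z0-9+/=]+\)")
HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)
CRED_WORDS = re.compile(r"(?i)\b(?:password|secret|token|api[_-]?key|access[_-]?key)\b")


def mask(value):
    """Keep just enough of a match to locate it in the file."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "..."


def scan_text(path, text):
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            for m in pattern.finditer(line):
                value = m.group(m.lastindex) if m.lastindex else m.group(0)
                if ENCRYPTED_VALUE.fullmatch(value):
                    continue  # an ENC(...) token is not a plaintext credential
                findings.append(Finding(path, lineno, rule, mask(value)))
    # Comments in HTML are delivered to every browser that views the page source.
    for m in HTML_COMMENT.finditer(text):
        if CRED_WORDS.search(m.group(1)):
            lineno = text.count("\n", 0, m.start()) + 1
            findings.append(Finding(path, lineno, "credential-in-html-comment",
                                    mask(m.group(1).strip())))
    return findings


def scan_repo(files):
    """Scan every file, then correlate: encrypted config is only as secret as its key."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    encrypted_in = sorted(p for p, t in files.items() if ENCRYPTED_VALUE.search(t))
    key_in = sorted({f.path for f in findings if f.rule == "hardcoded-key-constant"})
    if encrypted_in and key_in:
        findings.append(Finding("<repo>", 0, "encryption-key-committed-with-encrypted-config",
                                f"key in {', '.join(key_in)}; encrypted values in {', '.join(encrypted_in)}"))
    return findings


def summarize(findings):
    return Counter(f.rule for f in findings)


if __name__ == "__main__":
    for f in scan_repo(SAMPLES):
        print(f"{f.path}:{f.line}  {f.rule}  {f.evidence}")
```

Running the block prints nine findings across the sample repository while reporting nothing for `config.properties` on its own; the repository-level rule is what turns the "encrypted" config into a finding, because the committed `SECRET_KEY` makes the encryption equivalent to plaintext. In a real pipeline the same scan should also walk git history, since the talk lists history as a place where removed secrets survive.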
Symfony Profiler

Symfony Profiler – Internal Apps – AWS

Step 1 – Symfony Profiler
A publicly available development tool:
─ Plaintext credentials in Server Parameters
─ Plaintext credentials in Requests history
─ parameters.yml preview

Step 2 – Internal app
1. Admin credentials:
─ Dev Environment
─ Prod Environment
2. SSO to multiple apps:
─ Production CRM
─ Webmail

Step 3 – Webmail
1. AWS Invoices & Trusted Advisor emails
2. Reset password for AWS Root account

Step 4 – AWS Root Account
─ No MFA
─ Organization Management Account
─ Administrator Access on all member accounts :)

What went wrong?
Prod data on a non-prod env
─ Prod database on a non-prod
─ Same credentials across multiple environments
─ A single cloud subscription for all envs / apps / clients
No MFA
─ Not enforced
─ Shared credentials
Critical services using the same shared email
─ “All for one, and one for all”
─ Shared account/password
─ Very old passwords
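The chain above ends at a root account with no MFA, and the slide blames shared accounts and very old passwords. Every one of those properties is visible in the IAM credential report (`aws iam generate-credential-report`, then `aws iam get-credential-report`, which returns the CSV base64-encoded), so an account owner can find them long before a webmail compromise does. The check below is an added example written for this page, not the talk's material: it parses a constructed report in that CSV layout (columns trimmed to the ones it reads; the account ID and all dates are made up, and the day of the talk is used as the fixed reference "now" so the sample evaluates the same way every run) and reports root without MFA, root with an access key, console users without MFA, and passwords or access keys older than a rotation threshold.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the IAM credential report column layout, trimmed to the
# columns this check reads. Account ID 111122223333 and all dates are made up.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2019-01-10T09:00:00+00:00,not_supported,2023-06-01T08:12:00+00:00,not_supported,not_supported,false,true,2019-01-10T09:05:00+00:00
shared-admin,arn:aws:iam::111122223333:user/shared-admin,2019-03-01T10:00:00+00:00,true,2023-06-14T07:40:00+00:00,2019-03-01T10:00:00+00:00,N/A,false,true,2019-03-01T10:01:00+00:00
alice,arn:aws:iam::111122223333:user/alice,2022-11-05T12:00:00+00:00,true,2023-06-14T09:00:00+00:00,2023-05-20T12:00:00+00:00,2023-08-18T12:00:00+00:00,true,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2020-02-02T08:00:00+00:00,false,no_information,N/A,N/A,false,true,2020-02-02T08:00:00+00:00
"""

# Fixed reference date (the day of the talk) so the constructed sample is reproducible.
NOW = datetime(2023, 6, 15, tzinfo=timezone.utc)
# Markers the report uses instead of a timestamp.
NO_VALUE = {"", "N/A", "not_supported", "no_information"}


def age_days(stamp, now=NOW):
    """Days since an ISO-8601 timestamp from the report, or None for a 'no value' marker."""
    if stamp in NO_VALUE:
        return None
    return (now - datetime.fromisoformat(stamp)).days


def audit_credential_report(report_csv, now=NOW, max_age_days=90):
    """Return (user, check) pairs for the weaknesses the scenario relied on."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa = row["mfa_active"] == "true"
        if user == "<root_account>":
            if not mfa:
                findings.append((user, "root-without-mfa"))
            if row["access_key_1_active"] == "true":
                # Root should have no programmatic credentials at all.
                findings.append((user, "root-has-access-key"))
        elif row["password_enabled"] == "true" and not mfa:
            findings.append((user, "console-password-without-mfa"))
        pw_age = age_days(row["password_last_changed"], now)
        if pw_age is not None and pw_age > max_age_days:
            findings.append((user, "stale-password"))
        if row["access_key_1_active"] == "true":
            key_age = age_days(row["access_key_1_last_rotated"], now)
            if key_age is not None and key_age > max_age_days:
                findings.append((user, "stale-access-key"))
    return findings


if __name__ == "__main__":
    for user, check in audit_credential_report(SAMPLE_REPORT):
        print(f"{user:16} {check}")
```

On the sample the root account produces three findings and the `shared-admin` user three more; `alice`, who has MFA and a recent password, produces none. The check deliberately ignores a "password without MFA" condition for users whose `password_enabled` is `false`, since those are pure API identities where the relevant control is key rotation, not MFA.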
Kubernetes

Kubernetes – Jenkins – AWS

Step 1 – Kubernetes API
A publicly exposed Kubernetes API with disabled RBAC:
─ Base64 Secrets
─ Plaintext ConfigMaps
─ Pods list and configuration

Step 2 – K8s Secrets
1. AWS Access Keys:
─ S3 access only
2. Jenkins admin credentials

Step 3 – Jenkins app
1. AWS Access Keys in different Workspaces:
─ SQS access
─ Lambda access
2. GitHub credentials in Jenkins Credentials
3. AWS CLI calls in jobs console logs

Step 4 – Kubectl exec
Bash on Jenkins pod:
─ AWS IAM Role with Administrator Access :)

What went wrong?
Public resources
─ Lack of knowledge
─ Limited scope of penetration testing
─ Risky design
Principle of Least Privilege
─ Admin access for all!
─ Unprotected CICD tools
─ Running apps as Root
Disabled security features
─ No RBAC
─ Unencrypted data
─ No firewall
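Three of the root causes listed above (no RBAC, admin access for all, apps running as root) plus the plaintext ConfigMaps from step 1 are all visible in the cluster's own manifests, so they can be caught by a policy check on the manifests before deployment or on a dump of live objects. The audit below is an added example for this page, not the talk's code or any particular policy engine: it takes manifests already parsed from YAML into dicts (the objects, names, namespaces and values are constructed) and reports a kube-apiserver whose `--authorization-mode` is missing or contains `AlwaysAllow` (the flag's default when absent), a ClusterRoleBinding that grants `cluster-admin` to an everyone-group, a workload container with no `runAsNonRoot` or non-zero `runAsUser`, and ConfigMap keys that look like credentials.

```python
import re

# Constructed manifests (parsed YAML as dicts); names, namespaces and values are made up.
MANIFESTS = [
    {"kind": "Pod", "metadata": {"name": "kube-apiserver", "namespace": "kube-system"},
     "spec": {"containers": [{"name": "kube-apiserver",
                              "command": ["kube-apiserver",
                                          "--authorization-mode=AlwaysAllow",
                                          "--secure-port=6443"]}]}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "everyone-is-admin"},
     "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"apiGroup": "rbac.authorization.k8s.io", "kind": "Group", "name": "system:authenticated"}]},
    {"kind": "Deployment", "metadata": {"name": "jenkins", "namespace": "ci"},
     "spec": {"template": {"spec": {"containers": [{"name": "jenkins", "image": "jenkins/jenkins:lts"}]}}}},
    {"kind": "ConfigMap", "metadata": {"name": "app-config", "namespace": "ci"},
     "data": {"DB_HOST": "db.ci.svc", "DB_PASSWORD": "Summer2023!"}},
    {"kind": "Pod", "metadata": {"name": "hardened-app", "namespace": "ci"},
     "spec": {"securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
              "containers": [{"name": "app", "image": "app:1.0"}]}},
]

CRED_KEY = re.compile(r"(?i)password|passwd|secret|token|api[_-]?key")
# Groups that make a binding effectively "admin access for all".
EVERYONE_GROUPS = {"system:authenticated", "system:unauthenticated", "system:serviceaccounts"}


def pod_spec(manifest):
    """Locate the PodSpec inside a Pod or a templated workload; None for other kinds."""
    kind = manifest.get("kind")
    if kind == "Pod":
        return manifest.get("spec", {})
    if kind == "CronJob":
        return manifest["spec"]["jobTemplate"]["spec"]["template"]["spec"]
    if kind in {"Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet"}:
        return manifest["spec"]["template"]["spec"]
    return None


def flag_value(argv, name):
    """Value of a --name=value flag in a container command line, or None if absent."""
    prefix = f"--{name}="
    for arg in argv:
        if arg.startswith(prefix):
            return arg[len(prefix):]
    return None


def audit(manifests):
    """Return (check, object) pairs for the misconfigurations the scenario relied on."""
    findings = []
    for m in manifests:
        kind, name = m.get("kind"), m["metadata"]["name"]
        ns = m["metadata"].get("namespace", "default")

        if kind == "ClusterRoleBinding" and m.get("roleRef", {}).get("name") == "cluster-admin":
            for subject in m.get("subjects", []):
                if subject.get("kind") == "Group" and subject.get("name") in EVERYONE_GROUPS:
                    findings.append(("admin-access-for-all", name))

        if kind == "ConfigMap":
            for key in m.get("data", {}):
                if CRED_KEY.search(key):
                    findings.append(("credential-in-configmap", f"{name}/{key}"))

        spec = pod_spec(m)
        if spec is None:
            continue
        pod_sc = spec.get("securityContext", {})
        for c in spec.get("containers", []):
            argv = list(c.get("command", [])) + list(c.get("args", []))
            if argv and argv[0].endswith("kube-apiserver"):
                mode = flag_value(argv, "authorization-mode")
                # kube-apiserver falls back to AlwaysAllow when the flag is not set.
                if mode is None or "AlwaysAllow" in mode.split(","):
                    findings.append(("rbac-disabled", name))
                continue  # control-plane components are outside the workload root check
            csc = c.get("securityContext", {})
            non_root = csc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
            uid = csc.get("runAsUser", pod_sc.get("runAsUser"))
            if not non_root and uid in (None, 0):
                findings.append(("may-run-as-root", f"{ns}/{name}/{c['name']}"))
    return findings


if __name__ == "__main__":
    for check, obj in audit(MANIFESTS):
        print(f"{check:26} {obj}")
```

The sample yields four findings, one per misconfiguration, and the `hardened-app` pod passes because its pod-level `securityContext` sets both `runAsNonRoot` and a non-zero `runAsUser`. The container-level context is consulted first because it overrides the pod-level one in Kubernetes.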
And more…
Slides still not ready :)
Other ways “in”
– Outdated software running on cloud servers (open proxy)
– Admin credentials logged during the installation
– Misconfigured vhosts → Directory indexing
– Debug pages and connection strings (Python Django)
AWS Backdoors
A small teaser of my next presentation
AWS Backdoors – Ideas
Group 1: IAM
- IAM Users
- Trust Policy
- Identity Providers
Group 2: Servers
- Public EC2
- Local OS user
Group 3: Network
- Security Group Rule
- VPC Peering
- Transit Gateway
Group 4: Services
- Identity Center
- CodePipeline
- Lambda Function URL
Hide and seek
Self-Healing
― EventBridge
― Step Functions
― EC2 OS cron
Detection prevention
― CloudTrail
― PowerUser + IAMFull
― Same context
― Office hours activity
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?
 
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The InsideCollecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 

Michal Brygidyn_CloudHackingScenarios.pdf

  • 15. What went wrong?
    Hardcoded sensitive data:
    ─ Config files
    ─ Encryption keys
    ─ Git history
    Lack of security awareness:
    ─ Too many viewers
    ─ Valid credentials in documentation
    ─ Using one's own personal/business account in scripts
    Bad tool selection:
    ─ Public repository
    ─ Risky credential sharing
  • 22. Symfony Profiler – Internal Apps – AWS
    Step 1 (Symfony Profiler), a publicly available development tool:
    ─ Plaintext credentials in Server Parameters
    ─ Plaintext credentials in Requests history
    ─ parameters.yml preview
    Step 2 (Internal app):
    1. Admin credentials for the Dev and Prod environments
    2. SSO to multiple apps: production CRM, webmail
    Step 3 (Webmail):
    1. AWS invoices & Trusted Advisor emails
    2. Password reset for the AWS Root account
    Step 4 (AWS Root Account):
    ─ No MFA
    ─ Organization Management Account
    ─ Administrator Access on all member accounts ☺
  • 23. What went wrong?
    Prod data on a non-prod env:
    ─ Prod database on a non-prod
    ─ Same credentials across multiple environments
    ─ A single cloud subscription for all envs / apps / clients
    No MFA:
    ─ Not enforced
    ─ Shared credentials
    Critical services using the same shared email:
    ─ “All for one, and one for all”
    ─ Shared account/password
    ─ Very old passwords
  • 30. Kubernetes – Jenkins – AWS
    Step 1 (Kubernetes API), a publicly exposed Kubernetes API with RBAC disabled:
    ─ Base64 Secrets
    ─ Plaintext ConfigMaps
    ─ Pod list and configuration
    Step 2 (K8s Secrets):
    1. AWS Access Keys (S3 access only)
    2. Jenkins admin credentials
    Step 3 (Jenkins app):
    1. AWS Access Keys in different Workspaces: SQS access, Lambda access
    2. GitHub credentials in Jenkins Credentials
    3. AWS CLI calls in job console logs
    Step 4 (kubectl exec, Bash on the Jenkins pod):
    ─ AWS IAM Role with Administrator Access ☺
  • 31. What went wrong?
    Public resources:
    ─ Lack of knowledge
    ─ Limited scope of penetration testing
    ─ Risky design
    Principle of Least Privilege:
    ─ Admin access for all!
    ─ Unprotected CI/CD tools
    ─ Running apps as root
    Disabled security features:
    ─ No RBAC
    ─ Unencrypted data
    ─ No firewall
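Scenarios 2 and 4 both end at AWS access keys sitting in plain sight: a Jira comment, a Jenkins console log, and a Kubernetes Secret whose values are only base64-encoded. The scanner below is an added example, not code from the talk, that a defender can run over exported tickets, logs and manifests before they reach a public repository; it uses AWS's documented example key pair as constructed sample input, and all line contents are constructed.

```python
import base64
import re

# AWS access key IDs are 20 characters: AKIA (long-lived IAM user key) or ASIA (temporary STS key).
ACCESS_KEY_RE = re.compile(r"(?<![A-Za-z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Za-z0-9])")
# A 40-character token from the base64 alphabet on the same line is the usual secret-key shape.
SECRET_KEY_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
# Base64 tokens long enough to hide a 20-character key ID, as in Kubernetes Secret `data:` values.
B64_TOKEN_RE = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{24,}={0,2}(?![A-Za-z0-9+/=])")


def _views(line):
    """Yield the raw line, then the decoded text of every base64 token found in it."""
    yield line, False
    for tok in B64_TOKEN_RE.findall(line):
        try:
            yield base64.b64decode(tok, validate=True).decode("utf-8"), True
        except ValueError:  # binascii.Error and UnicodeDecodeError both derive from ValueError
            continue


def find_aws_access_keys(text):
    """Return (line_no, key_id, was_base64, secret_on_same_line) for every key ID found."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        secret_nearby = SECRET_KEY_RE.search(line) is not None
        for view, decoded in _views(line):
            for key in ACCESS_KEY_RE.findall(view):
                hits.append((line_no, key, decoded, secret_nearby))
    return hits


# Constructed sample artifacts using AWS's documented example credentials (not real keys).
SAMPLE_ARTIFACTS = "\n".join([
    # Jira task comment (scenario 2, step 3): plaintext access and secret key
    "Created IAM user for vendor. Keys: AKIAIOSFODNN7EXAMPLE / wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    # Jenkins console log (scenario 4, step 3): AWS CLI call echoed by a job
    "+ aws s3 ls --profile ci  # AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    # Kubernetes Secret manifest (scenario 4, step 2): value is only base64, not encrypted
    "  aws_access_key_id: " + base64.b64encode(b"AKIAIOSFODNN7EXAMPLE").decode(),
    # Benign line that must not trigger: lowercase "akia" inside a role name
    "arn:aws:iam::123456789012:role/akia-reader",
])

if __name__ == "__main__":
    for line_no, key, decoded, secret in find_aws_access_keys(SAMPLE_ARTIFACTS):
        where = "base64-encoded" if decoded else "plaintext"
        print(f"line {line_no}: {key} ({where}; secret key on same line: {secret})")
```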
  • 38. Other ways “in”
    – Outdated software running on cloud servers (open proxy)
    – Admin credentials logged during the installation
    – Misconfigured vhosts → directory indexing
    – Debug pages and connection strings (Python Django)
  • 40. AWS Backdoors – a small teaser of my next presentation
  • 44. AWS Backdoors – Ideas
    Group 1: IAM
    - IAM Users
    - Trust Policy
    - Identity Providers
    Group 2: Servers
    - Public EC2
    - Local OS user
    Group 3: Network
    - Security Group Rule
    - VPC Peering
    - Transit Gateway
    Group 4: Services
    - Identity Center
    - CodePipeline
    - Lambda Function URL
  • 45. Hide and seek
    Self-Healing
    ― EventBridge
    ― Step Functions
    ― EC2 OS cron
    Detection prevention
    ― CloudTrail
    ― PowerUser + IAMFull
    ― Same context
    ― Office hours activity