SlideShare a Scribd company logo

Cloud Summit Canada com Rodrigo Montoro

Clavis Segurança da Informação
Clavis Segurança da Informação

Entre os dias 04/10 e 06/10, nosso head de Threat & Detection Research e Security Content Lead, Rodrigo Montoro, representou a Clavis em mais uma importante apresentação em Toronto no Canadá. No dia 04/10 ele palestrou no Cloud Summit e no dia 06/10 na Sector. Montoro, apresentou as palestras "The Default Truth Of AWS Shared Responsability Model" e "Understanding, Abusing and Monitoring AWS Appstream 2.0", onde abordou a importância de entender os padrões que o provedor da nuvem proporciona, bem como pesquisar sobre serviços de uso mais incomuns e fora dos grande "holofotes". A abordagem das duas palestras busca justamente desmitificar um pouco do modelo de responsabilidade compartilhada e configurações iniciais da nuvem e a segunda o entendimento de um serviço não tao comumente utilizado e seus perigos. Como exemplo, compartilhou importantes resultados obtidos após pesquisa de vulnerabilidades no serviço Amazon AppStream 2.0, da Amazon Web Services (AWS).

Technology
1 of 39
Download to read offline
The deFAULT truth of AWS Shared Responsibility Model Rodrigo Montoro Head of Threat & Detection Research @spookerlabs
$ aws --profile Rodrigo Montoro sts get-caller-identity Clavis Segurança da Informação ● Head of Threat & Detection Research at Clavis Security ● Living in Florianópolis (Silicon Island) ● Author of 2 patented technologies (US Patent Office) ● Speaker in different conferences (Brazil,USA,Canada) ● Proud Dad and Husband ● Full Ironman triathlon (2x) ● Crossfit and Powerlifting
Motivation
Some numbers(*) about security ‘IN’ the cloud (AWS) Clavis Segurança da Informação ● CSPM Detections (cloudsploit) ○ 460 findings (AWS) ○ 87 services covered (around 29% of services) ● Services with Passrole ○ 330 actions ○ 92 services (around 30.7% of services) ● Detections from Elastic rules ○ 59 detections ○ ~22 services covered (around 7.3% of services) ● Detections from Sigma ○ 31 detections ○ ~20 services covered (around 6.7% of services) * based on my analysis in open source tool and public content
With some ideas in mind … Clavis Segurança da Informação
Security Operations Center (SOC) AGENDA 1 AWS ecosystem / Control Plane DeFAULT Design Data Plane 1 1 Cross Account 1 Uncommon Services Conclusions
7 Clavis Segurança da Informação AWS Ecosystem / Control Plane
AWS Shared Responsibility Model Clavis Segurança da Informação
AWS In Numbers Clavis Segurança da Informação ● Around 13k actions ● 973 Managed policies ● Around 300 Services ● 18 regions ● 5 actions access level Source: https://aws.permissions.cloud/
How authentication and authorization works Clavis Segurança da Informação
AWS IAM policy flow analysis Clavis Segurança da Informação
Management Events Clavis Segurança da Informação
13 Clavis Segurança da Informação DeFAULT Design
How many problems an AWS account start (with an Admin user) ? Clavis Segurança da Informação
Next let’s add an ec2 instance Clavis Segurança da Informação
Just to finish a s3 bucket … Clavis Segurança da Informação
Simple scenario (only 3 services) the "deFAULT problems” Clavis Segurança da Informação
Some more details Clavis Segurança da Informação ● VPC Endpoint ○ Policy Resource : * ● IAM ○ Managed Policies ■ Resource: * ■ No Conditional ■ No control
service enumeration is possible by design with account id Clavis Segurança da Informação source: https://www.sidechannel.blog/en/enumerating-services-in-aws-accounts-in-an-anonymous-and-unauthenticated-manner/
20 Clavis Segurança da Informação Data Plane
Data Plane Clavis Segurança da Informação ● S3 buckets data events ● RDS Audit logs ● EKS (Kubernetes)
S3 buckets Clavis Segurança da Informação
VPC Flow Logs Clavis Segurança da Informação
GuardDuty Clavis Segurança da Informação source: https://xmind.app/m/K3fmSB/# Events analyzed are NOT saved. Only the payload saved is the content that triggered the finding.
25 Clavis Segurança da Informação Cross Account
What is Cross Account ? Clavis Segurança da Informação source: https://aws.amazon.com/blogs/security/how-to-audit-cross-account-roles-using-aws-cloudtrail-and-amazon-cloudwatch-events/
Vendors / Partners Clavis Segurança da Informação ● Splunk history ● ReadOnlyAccess policy
Splunk history Clavis Segurança da Informação
ReadOnlyAccess World (1/3) - Unwanted Permissions Clavis Segurança da Informação source: https://www.sidechannel.blog/en/unwanted-permissions-that-may-impact-security-when-using-the-readonlyaccess-policy-in-aws/ ● s3:GetObject ● lambda:GetFunction ● ec2:DescribeInstanceAttribute ● dynamodb:{Query,Scan} ● cloudtrail:LookupEvents
ReadOnlyAccess World (2/3) - bad use everywhere Clavis Segurança da Informação source: https://www.wiz.io/blog/82-of-companies-unknowingly-give-3rd-parties-access-to-all-their-cloud-data
ReadOnlyAccess World (3/3) - Sample of products Clavis Segurança da Informação Tenable - https://docs.tenable.com/tenablecs/quick-reference/AWS/Content/QuickReference/SetUpA WSReadOnlyAccess.htm Site24x7 - https://www.site24x7.com/help/aws/enable-aws-account-access.html NewRelic - https://docs.newrelic.com/docs/infrastructure/amazon-integrations/get-started/integrations- managed-policies/ Autocloud - https://docs.autocloud.dev/aws-account DivvyCloud - https://docs.divvycloud.com/docs/policies (some minor denies http://get.divvycloud.com/policies/ReadOnlywithAWSReadOnly.json ) Cloudockit - https://www.cloudockit.com/documentation/aws-create-user-for-cloudockit/ Hava.io - https://docs.hava.io/importing/aws/getting-started-with-aws/read-only-iam-user Cloudcraft - https://help.cloudcraft.co/article/87-connect-aws-account-with-cloudcraft
32 Clavis Segurança da Informação Uncommon Services
What do I consider uncommon ? Clavis Segurança da Informação ● Services without security research related ○ big part of 300 services ○ almost 13000 actions ● Very specific services with only "few" customers
So what is _REALLY_ uncommon ? How about Identity Center (SSO)? Clavis Segurança da Informação
Passrole world Clavis Segurança da Informação source: https://twitter.com/noamdahan/status/1349384948998922240
Appstream 2.0 Edition Clavis Segurança da Informação
37 Clavis Segurança da Informação Future & Conclusions
Future and Conclusions Clavis Segurança da Informação ● Make sure you understand default configurations ● Validate cross account / partners permissions ● Know what you are running ● Find your knowledge gaps ● Keep researching and improving detections ● Make sure you train your team
Thank you! See you at Sector Rodrigo Montoro @spookerlabs rodrigo.montoro@clavis.com.br

Recommended

Lost in Translation - Blackhat Brazil 2014
Lost in Translation - Blackhat Brazil 2014Lost in Translation - Blackhat Brazil 2014
Lost in Translation - Blackhat Brazil 2014Rodrigo Montoro
 
Detecting AWS control plane abuse in an actionable way using Det{R}ails
Detecting AWS control plane abuse in an actionable way using Det{R}ailsDetecting AWS control plane abuse in an actionable way using Det{R}ails
Detecting AWS control plane abuse in an actionable way using Det{R}ailsTenchi Security
 
Bsides SP 2022 - EPSS - Final.pptx
Bsides SP 2022 - EPSS - Final.pptxBsides SP 2022 - EPSS - Final.pptx
Bsides SP 2022 - EPSS - Final.pptxClavis Segurança da Informação
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101Narudom Roongsiriwong, CISSP
 
Cloud Security (Domain1- 5)
Cloud Security (Domain1- 5)Cloud Security (Domain1- 5)
Cloud Security (Domain1- 5)Maganathin Veeraragaloo
 
How to Manage Inventory, Patching, and System Images for Your Hybrid Cloud wi...
How to Manage Inventory, Patching, and System Images for Your Hybrid Cloud wi...How to Manage Inventory, Patching, and System Images for Your Hybrid Cloud wi...
How to Manage Inventory, Patching, and System Images for Your Hybrid Cloud wi...Amazon Web Services
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
DevSecOps - CI/CD com Pentest e Análise de Vulnerabilidades
DevSecOps - CI/CD com Pentest e Análise de VulnerabilidadesDevSecOps - CI/CD com Pentest e Análise de Vulnerabilidades
DevSecOps - CI/CD com Pentest e Análise de VulnerabilidadesVagner Rodrigues Fernandes
 

Recommended

Lost in Translation - Blackhat Brazil 2014
Lost in Translation - Blackhat Brazil 2014Lost in Translation - Blackhat Brazil 2014
Lost in Translation - Blackhat Brazil 2014Rodrigo Montoro
 
Detecting AWS control plane abuse in an actionable way using Det{R}ails
Detecting AWS control plane abuse in an actionable way using Det{R}ailsDetecting AWS control plane abuse in an actionable way using Det{R}ails
Detecting AWS control plane abuse in an actionable way using Det{R}ailsTenchi Security
 
Bsides SP 2022 - EPSS - Final.pptx
Bsides SP 2022 - EPSS - Final.pptxBsides SP 2022 - EPSS - Final.pptx
Bsides SP 2022 - EPSS - Final.pptxClavis Segurança da Informação
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101Narudom Roongsiriwong, CISSP
 
Cloud Security (Domain1- 5)
Cloud Security (Domain1- 5)Cloud Security (Domain1- 5)
Cloud Security (Domain1- 5)Maganathin Veeraragaloo
 
How to Manage Inventory, Patching, and System Images for Your Hybrid Cloud wi...
How to Manage Inventory, Patching, and System Images for Your Hybrid Cloud wi...How to Manage Inventory, Patching, and System Images for Your Hybrid Cloud wi...
How to Manage Inventory, Patching, and System Images for Your Hybrid Cloud wi...Amazon Web Services
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
DevSecOps - CI/CD com Pentest e Análise de Vulnerabilidades
DevSecOps - CI/CD com Pentest e Análise de VulnerabilidadesDevSecOps - CI/CD com Pentest e Análise de Vulnerabilidades
DevSecOps - CI/CD com Pentest e Análise de VulnerabilidadesVagner Rodrigues Fernandes
 
Threat Modeling And Analysis
Threat Modeling And AnalysisThreat Modeling And Analysis
Threat Modeling And AnalysisLalit Kale
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0Michael Gough
 
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...Amazon Web Services
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New PerspectiveWen-Pai Lu
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 
DDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldDDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldAmazon Web Services
 
Catch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueCatch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueWill Schroeder
 
AWS Security Checklist
AWS Security ChecklistAWS Security Checklist
AWS Security ChecklistAmazon Web Services
 
Stephane Lapointe: Governance in Azure, keep control of your environments
Stephane Lapointe: Governance in Azure, keep control of your environmentsStephane Lapointe: Governance in Azure, keep control of your environments
Stephane Lapointe: Governance in Azure, keep control of your environmentsMSDEVMTL
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architectureKarl Ots
 
Integrated Tools in OSSIM
Integrated Tools in OSSIMIntegrated Tools in OSSIM
Integrated Tools in OSSIMAlienVault
 
Introduction to Cloud Security
Introduction to Cloud SecurityIntroduction to Cloud Security
Introduction to Cloud SecurityLegal Services National Technology Assistance Project (LSNTAP)
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud SecurityAlert Logic
 
SC-900 Intro
SC-900 IntroSC-900 Intro
SC-900 IntroFredBrandonAuthorMCP
 
Azure Monitoring Overview
Azure Monitoring OverviewAzure Monitoring Overview
Azure Monitoring Overviewgjuljo
 
Microsoft Information Protection.pptx
Microsoft Information Protection.pptxMicrosoft Information Protection.pptx
Microsoft Information Protection.pptxChrisaldyChandra
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentTeymur Kheirkhabarov
 
Identity Security - Azure Identity Protection
Identity Security - Azure Identity ProtectionIdentity Security - Azure Identity Protection
Identity Security - Azure Identity ProtectionEng Teong Cheah
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
 
AWS Security By Design
AWS Security By DesignAWS Security By Design
AWS Security By DesignAmazon Web Services
 
Resposta a Incidentes | Mind The Sec 2022 com Rodrigo Montoro
Resposta a Incidentes | Mind The Sec 2022 com Rodrigo MontoroResposta a Incidentes | Mind The Sec 2022 com Rodrigo Montoro
Resposta a Incidentes | Mind The Sec 2022 com Rodrigo MontoroClavis Segurança da Informação
 
Building A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleBuilding A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleChris Farris
 

More Related Content

What's hot

Threat Modeling And Analysis
Threat Modeling And AnalysisThreat Modeling And Analysis
Threat Modeling And AnalysisLalit Kale
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0Michael Gough
 
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...Amazon Web Services
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New PerspectiveWen-Pai Lu
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 
DDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldDDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldAmazon Web Services
 
Catch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueCatch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueWill Schroeder
 
Stephane Lapointe: Governance in Azure, keep control of your environments
Stephane Lapointe: Governance in Azure, keep control of your environmentsStephane Lapointe: Governance in Azure, keep control of your environments
Stephane Lapointe: Governance in Azure, keep control of your environmentsMSDEVMTL
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architectureKarl Ots
 
Integrated Tools in OSSIM
Integrated Tools in OSSIMIntegrated Tools in OSSIM
Integrated Tools in OSSIMAlienVault
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud SecurityAlert Logic
 
Azure Monitoring Overview
Azure Monitoring OverviewAzure Monitoring Overview
Azure Monitoring Overviewgjuljo
 
Microsoft Information Protection.pptx
Microsoft Information Protection.pptxMicrosoft Information Protection.pptx
Microsoft Information Protection.pptxChrisaldyChandra
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentTeymur Kheirkhabarov
 
Identity Security - Azure Identity Protection
Identity Security - Azure Identity ProtectionIdentity Security - Azure Identity Protection
Identity Security - Azure Identity ProtectionEng Teong Cheah
 

What's hot (20)

Threat Modeling And Analysis
Threat Modeling And AnalysisThreat Modeling And Analysis
Threat Modeling And Analysis
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0
 
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...
Secure your Web Applications with AWS Web Application Firewall (WAF) and AWS ...
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New Perspective
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
 
DDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldDDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS Shield
 
Catch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueCatch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs Blue
 
AWS Security Checklist
AWS Security ChecklistAWS Security Checklist
AWS Security Checklist
 
Stephane Lapointe: Governance in Azure, keep control of your environments
Stephane Lapointe: Governance in Azure, keep control of your environmentsStephane Lapointe: Governance in Azure, keep control of your environments
Stephane Lapointe: Governance in Azure, keep control of your environments
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architecture
 
Integrated Tools in OSSIM
Integrated Tools in OSSIMIntegrated Tools in OSSIM
Integrated Tools in OSSIM
 
Introduction to Cloud Security
Introduction to Cloud SecurityIntroduction to Cloud Security
Introduction to Cloud Security
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud Security
 
SC-900 Intro
SC-900 IntroSC-900 Intro
SC-900 Intro
 
Azure Monitoring Overview
Azure Monitoring OverviewAzure Monitoring Overview
Azure Monitoring Overview
 
Microsoft Information Protection.pptx
Microsoft Information Protection.pptxMicrosoft Information Protection.pptx
Microsoft Information Protection.pptx
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows Environment
 
Identity Security - Azure Identity Protection
Identity Security - Azure Identity ProtectionIdentity Security - Azure Identity Protection
Identity Security - Azure Identity Protection
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
AWS Security By Design
AWS Security By DesignAWS Security By Design
AWS Security By Design
 

Similar to Cloud Summit Canada com Rodrigo Montoro

Resposta a Incidentes | Mind The Sec 2022 com Rodrigo Montoro
Resposta a Incidentes | Mind The Sec 2022 com Rodrigo MontoroResposta a Incidentes | Mind The Sec 2022 com Rodrigo Montoro
Resposta a Incidentes | Mind The Sec 2022 com Rodrigo MontoroClavis Segurança da Informação
 
Building A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleBuilding A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleChris Farris
 
AWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersAWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersJames Strong
 
Automating AWS security and compliance
Automating AWS security and compliance Automating AWS security and compliance
Automating AWS security and compliance John Varghese
 
Native cloud security monitoring
Native cloud security monitoringNative cloud security monitoring
Native cloud security monitoringJohn Varghese
 
NVS_Sentinel
NVS_SentinelNVS_Sentinel
NVS_SentinelMike Mihm
 
A 360-Degree Cloud-Native Approach to Secure Your AWS Cloud Stack (SEC313-S) ...
A 360-Degree Cloud-Native Approach to Secure Your AWS Cloud Stack (SEC313-S) ...A 360-Degree Cloud-Native Approach to Secure Your AWS Cloud Stack (SEC313-S) ...
A 360-Degree Cloud-Native Approach to Secure Your AWS Cloud Stack (SEC313-S) ...Amazon Web Services
 
004 - Logging in the Cloud -- hide01.ir.pptx
004 - Logging in the Cloud -- hide01.ir.pptx004 - Logging in the Cloud -- hide01.ir.pptx
004 - Logging in the Cloud -- hide01.ir.pptxnitinscribd
 
Managing Cloud Security Design and Implementation in a Ransomware World
Managing Cloud Security Design and Implementation in a Ransomware World Managing Cloud Security Design and Implementation in a Ransomware World
Managing Cloud Security Design and Implementation in a Ransomware World MongoDB
 
Compliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignCompliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignAmazon Web Services
 
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
[OPD 2019] Storm Busters: Auditing & Securing AWS InfrastructureOWASP
 
AWS Summit Auckland Sponsor presentation - Bulletproof
AWS Summit Auckland Sponsor presentation - BulletproofAWS Summit Auckland Sponsor presentation - Bulletproof
AWS Summit Auckland Sponsor presentation - BulletproofAmazon Web Services
 
AWS Big Data Demystified #4 data governance demystified [security, networ...
AWS Big Data Demystified #4 data governance demystified [security, networ...AWS Big Data Demystified #4 data governance demystified [security, networ...
AWS Big Data Demystified #4 data governance demystified [security, networ...Omid Vahdaty
 
Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)Shahar Geiger Maor
 
Compliance in the Cloud Using “Security by Design” Principles
Compliance in the Cloud Using “Security by Design” PrinciplesCompliance in the Cloud Using “Security by Design” Principles
Compliance in the Cloud Using “Security by Design” PrinciplesAmazon Web Services
 
SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...
SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...
SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...Kocapep
 
SEC302-S-143971-AWS-Prismacloud.pptx
SEC302-S-143971-AWS-Prismacloud.pptxSEC302-S-143971-AWS-Prismacloud.pptx
SEC302-S-143971-AWS-Prismacloud.pptxDubemJavapi
 
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...Amazon Web Services
 
Cloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWSCloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWSKarim Hopper
 
Scalable, Automated Anomaly Detection with GuardDuty, CloudTrail, & Amazon Sa...
Scalable, Automated Anomaly Detection with GuardDuty, CloudTrail, & Amazon Sa...Scalable, Automated Anomaly Detection with GuardDuty, CloudTrail, & Amazon Sa...
Scalable, Automated Anomaly Detection with GuardDuty, CloudTrail, & Amazon Sa...Amazon Web Services
 

Similar to Cloud Summit Canada com Rodrigo Montoro (20)

Resposta a Incidentes | Mind The Sec 2022 com Rodrigo Montoro
Resposta a Incidentes | Mind The Sec 2022 com Rodrigo MontoroResposta a Incidentes | Mind The Sec 2022 com Rodrigo Montoro
Resposta a Incidentes | Mind The Sec 2022 com Rodrigo Montoro
 
Building A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleBuilding A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for Scale
 
AWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersAWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS Builders
 
Automating AWS security and compliance
Automating AWS security and compliance Automating AWS security and compliance
Automating AWS security and compliance
 
Native cloud security monitoring
Native cloud security monitoringNative cloud security monitoring
Native cloud security monitoring
 
NVS_Sentinel
NVS_SentinelNVS_Sentinel
NVS_Sentinel
 
A 360-Degree Cloud-Native Approach to Secure Your AWS Cloud Stack (SEC313-S) ...
A 360-Degree Cloud-Native Approach to Secure Your AWS Cloud Stack (SEC313-S) ...A 360-Degree Cloud-Native Approach to Secure Your AWS Cloud Stack (SEC313-S) ...
A 360-Degree Cloud-Native Approach to Secure Your AWS Cloud Stack (SEC313-S) ...
 
004 - Logging in the Cloud -- hide01.ir.pptx
004 - Logging in the Cloud -- hide01.ir.pptx004 - Logging in the Cloud -- hide01.ir.pptx
004 - Logging in the Cloud -- hide01.ir.pptx
 
Managing Cloud Security Design and Implementation in a Ransomware World
Managing Cloud Security Design and Implementation in a Ransomware World Managing Cloud Security Design and Implementation in a Ransomware World
Managing Cloud Security Design and Implementation in a Ransomware World
 
Compliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignCompliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by Design
 
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
 
AWS Summit Auckland Sponsor presentation - Bulletproof
AWS Summit Auckland Sponsor presentation - BulletproofAWS Summit Auckland Sponsor presentation - Bulletproof
AWS Summit Auckland Sponsor presentation - Bulletproof
 
AWS Big Data Demystified #4 data governance demystified [security, networ...
AWS Big Data Demystified #4 data governance demystified [security, networ...AWS Big Data Demystified #4 data governance demystified [security, networ...
AWS Big Data Demystified #4 data governance demystified [security, networ...
 
Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)
 
Compliance in the Cloud Using “Security by Design” Principles
Compliance in the Cloud Using “Security by Design” PrinciplesCompliance in the Cloud Using “Security by Design” Principles
Compliance in the Cloud Using “Security by Design” Principles
 
SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...
SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...
SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...
 
SEC302-S-143971-AWS-Prismacloud.pptx
SEC302-S-143971-AWS-Prismacloud.pptxSEC302-S-143971-AWS-Prismacloud.pptx
SEC302-S-143971-AWS-Prismacloud.pptx
 
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
 
Cloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWSCloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWS
 
Scalable, Automated Anomaly Detection with GuardDuty, CloudTrail, & Amazon Sa...
Scalable, Automated Anomaly Detection with GuardDuty, CloudTrail, & Amazon Sa...Scalable, Automated Anomaly Detection with GuardDuty, CloudTrail, & Amazon Sa...
Scalable, Automated Anomaly Detection with GuardDuty, CloudTrail, & Amazon Sa...
 

More from Clavis Segurança da Informação

Desenvolvimento Seguro de Software - 10o Workshop SegInfo - Apresentação
Desenvolvimento Seguro de Software - 10o Workshop SegInfo - ApresentaçãoDesenvolvimento Seguro de Software - 10o Workshop SegInfo - Apresentação
Desenvolvimento Seguro de Software - 10o Workshop SegInfo - ApresentaçãoClavis Segurança da Informação
 
Big Data e Segurança da Informação - 10o Workshop SegInfo - Apresentação
Big Data e Segurança da Informação - 10o Workshop SegInfo - ApresentaçãoBig Data e Segurança da Informação - 10o Workshop SegInfo - Apresentação
Big Data e Segurança da Informação - 10o Workshop SegInfo - ApresentaçãoClavis Segurança da Informação
 
A maldição do local admin - 10o Workshop SegInfo - Apresentação
A maldição do local admin - 10o Workshop SegInfo - ApresentaçãoA maldição do local admin - 10o Workshop SegInfo - Apresentação
A maldição do local admin - 10o Workshop SegInfo - ApresentaçãoClavis Segurança da Informação
 
Adoção do PCI no Brasil - 10o Workshop SegInfo - Apresentação
Adoção do PCI no Brasil - 10o Workshop SegInfo - ApresentaçãoAdoção do PCI no Brasil - 10o Workshop SegInfo - Apresentação
Adoção do PCI no Brasil - 10o Workshop SegInfo - ApresentaçãoClavis Segurança da Informação
 
Clavis e Cyberark promovem almoço para sobre soluções para a área de Seguranç...
Clavis e Cyberark promovem almoço para sobre soluções para a área de Seguranç...Clavis e Cyberark promovem almoço para sobre soluções para a área de Seguranç...
Clavis e Cyberark promovem almoço para sobre soluções para a área de Seguranç...Clavis Segurança da Informação
 
Webinar #27 - Curso Permanente ComPTIA Security+ Exame SY0 401
Webinar #27 - Curso Permanente ComPTIA Security+ Exame SY0 401Webinar #27 - Curso Permanente ComPTIA Security+ Exame SY0 401
Webinar #27 - Curso Permanente ComPTIA Security+ Exame SY0 401Clavis Segurança da Informação
 
Manobras Evasivas: Técnicas de Evasão para Varreduras com o Nmap
Manobras Evasivas: Técnicas de Evasão para Varreduras com o NmapManobras Evasivas: Técnicas de Evasão para Varreduras com o Nmap
Manobras Evasivas: Técnicas de Evasão para Varreduras com o NmapClavis Segurança da Informação
 
Tutorial: Principais Vulnerabilidades em Aplicações Web – Rafael Soares Ferre...
Tutorial: Principais Vulnerabilidades em Aplicações Web – Rafael Soares Ferre...Tutorial: Principais Vulnerabilidades em Aplicações Web – Rafael Soares Ferre...
Tutorial: Principais Vulnerabilidades em Aplicações Web – Rafael Soares Ferre...Clavis Segurança da Informação
 
Testes de Invasão ajudam a alcançar a conformidade - Segurança da Informação
Testes de Invasão ajudam a alcançar a conformidade - Segurança da InformaçãoTestes de Invasão ajudam a alcançar a conformidade - Segurança da Informação
Testes de Invasão ajudam a alcançar a conformidade - Segurança da InformaçãoClavis Segurança da Informação
 
Entendendo como as Mídias Socias Revolucionaram os Ataques de Força Bruta
Entendendo como as Mídias Socias Revolucionaram os Ataques de Força BrutaEntendendo como as Mídias Socias Revolucionaram os Ataques de Força Bruta
Entendendo como as Mídias Socias Revolucionaram os Ataques de Força BrutaClavis Segurança da Informação
 
Descobrindo (e Explorando) Vulnerabilidades em Aplicações Web com o Wmap
Descobrindo (e Explorando) Vulnerabilidades em Aplicações Web com o WmapDescobrindo (e Explorando) Vulnerabilidades em Aplicações Web com o Wmap
Descobrindo (e Explorando) Vulnerabilidades em Aplicações Web com o WmapClavis Segurança da Informação
 
Gerenciamento de Vulnerabilidades em Redes Corporativas - CNASI - DF
Gerenciamento de Vulnerabilidades em Redes Corporativas - CNASI - DFGerenciamento de Vulnerabilidades em Redes Corporativas - CNASI - DF
Gerenciamento de Vulnerabilidades em Redes Corporativas - CNASI - DFClavis Segurança da Informação
 
Impacto sobre o Negócio da Exploração de Vulnerabilidades de Injeção em Aplic...
Impacto sobre o Negócio da Exploração de Vulnerabilidades de Injeção em Aplic...Impacto sobre o Negócio da Exploração de Vulnerabilidades de Injeção em Aplic...
Impacto sobre o Negócio da Exploração de Vulnerabilidades de Injeção em Aplic...Clavis Segurança da Informação
 
Gerenciamento de Vulnerabilidades em Redes Corporativas - CNASI RJ
Gerenciamento de Vulnerabilidades em Redes Corporativas - CNASI RJ Gerenciamento de Vulnerabilidades em Redes Corporativas - CNASI RJ
Gerenciamento de Vulnerabilidades em Redes Corporativas - CNASI RJ Clavis Segurança da Informação
 
Webinar # 17 – Análise de Malware em Forense Computacional
Webinar # 17 – Análise de Malware em Forense ComputacionalWebinar # 17 – Análise de Malware em Forense Computacional
Webinar # 17 – Análise de Malware em Forense ComputacionalClavis Segurança da Informação
 

More from Clavis Segurança da Informação (20)

Desenvolvimento Seguro de Software - 10o Workshop SegInfo - Apresentação
Desenvolvimento Seguro de Software - 10o Workshop SegInfo - ApresentaçãoDesenvolvimento Seguro de Software - 10o Workshop SegInfo - Apresentação
Desenvolvimento Seguro de Software - 10o Workshop SegInfo - Apresentação
 
Big Data e Segurança da Informação - 10o Workshop SegInfo - Apresentação
Big Data e Segurança da Informação - 10o Workshop SegInfo - ApresentaçãoBig Data e Segurança da Informação - 10o Workshop SegInfo - Apresentação
Big Data e Segurança da Informação - 10o Workshop SegInfo - Apresentação
 
A maldição do local admin - 10o Workshop SegInfo - Apresentação
A maldição do local admin - 10o Workshop SegInfo - ApresentaçãoA maldição do local admin - 10o Workshop SegInfo - Apresentação
A maldição do local admin - 10o Workshop SegInfo - Apresentação
 
Adoção do PCI no Brasil - 10o Workshop SegInfo - Apresentação
Adoção do PCI no Brasil - 10o Workshop SegInfo - ApresentaçãoAdoção do PCI no Brasil - 10o Workshop SegInfo - Apresentação
Adoção do PCI no Brasil - 10o Workshop SegInfo - Apresentação
 
Palestra GlobalSign
Palestra GlobalSignPalestra GlobalSign
Palestra GlobalSign
 
Palestra Clavis - Octopus
Palestra Clavis - OctopusPalestra Clavis - Octopus
Palestra Clavis - Octopus
 
Palestra Exceda - Clavis 2016
Palestra Exceda - Clavis 2016Palestra Exceda - Clavis 2016
Palestra Exceda - Clavis 2016
 
Clavis e Cyberark promovem almoço para sobre soluções para a área de Seguranç...
Clavis e Cyberark promovem almoço para sobre soluções para a área de Seguranç...Clavis e Cyberark promovem almoço para sobre soluções para a área de Seguranç...
Clavis e Cyberark promovem almoço para sobre soluções para a área de Seguranç...
 
Webinar #27 - Curso Permanente ComPTIA Security+ Exame SY0 401
Webinar #27 - Curso Permanente ComPTIA Security+ Exame SY0 401Webinar #27 - Curso Permanente ComPTIA Security+ Exame SY0 401
Webinar #27 - Curso Permanente ComPTIA Security+ Exame SY0 401
 
Webinar # 21 – Análise Forense de Redes
Webinar # 21 – Análise Forense de Redes Webinar # 21 – Análise Forense de Redes
Webinar # 21 – Análise Forense de Redes
 
Manobras Evasivas: Técnicas de Evasão para Varreduras com o Nmap
Manobras Evasivas: Técnicas de Evasão para Varreduras com o NmapManobras Evasivas: Técnicas de Evasão para Varreduras com o Nmap
Manobras Evasivas: Técnicas de Evasão para Varreduras com o Nmap
 
Tutorial: Principais Vulnerabilidades em Aplicações Web – Rafael Soares Ferre...
Tutorial: Principais Vulnerabilidades em Aplicações Web – Rafael Soares Ferre...Tutorial: Principais Vulnerabilidades em Aplicações Web – Rafael Soares Ferre...
Tutorial: Principais Vulnerabilidades em Aplicações Web – Rafael Soares Ferre...
 
Testes de Invasão ajudam a alcançar a conformidade - Segurança da Informação
Testes de Invasão ajudam a alcançar a conformidade - Segurança da InformaçãoTestes de Invasão ajudam a alcançar a conformidade - Segurança da Informação
Testes de Invasão ajudam a alcançar a conformidade - Segurança da Informação
 
Entendendo como as Mídias Socias Revolucionaram os Ataques de Força Bruta
Entendendo como as Mídias Socias Revolucionaram os Ataques de Força BrutaEntendendo como as Mídias Socias Revolucionaram os Ataques de Força Bruta
Entendendo como as Mídias Socias Revolucionaram os Ataques de Força Bruta
 
Descobrindo (e Explorando) Vulnerabilidades em Aplicações Web com o Wmap
Descobrindo (e Explorando) Vulnerabilidades em Aplicações Web com o WmapDescobrindo (e Explorando) Vulnerabilidades em Aplicações Web com o Wmap
Descobrindo (e Explorando) Vulnerabilidades em Aplicações Web com o Wmap
 
Gerenciamento de Vulnerabilidades em Redes Corporativas - CNASI - DF
Gerenciamento de Vulnerabilidades em Redes Corporativas - CNASI - DFGerenciamento de Vulnerabilidades em Redes Corporativas - CNASI - DF
Gerenciamento de Vulnerabilidades em Redes Corporativas - CNASI - DF
 
Impacto sobre o Negócio da Exploração de Vulnerabilidades de Injeção em Aplic...
Impacto sobre o Negócio da Exploração de Vulnerabilidades de Injeção em Aplic...Impacto sobre o Negócio da Exploração de Vulnerabilidades de Injeção em Aplic...
Impacto sobre o Negócio da Exploração de Vulnerabilidades de Injeção em Aplic...
 
Gerenciamento de Vulnerabilidades em Redes Corporativas - CNASI RJ
Gerenciamento de Vulnerabilidades em Redes Corporativas - CNASI RJ Gerenciamento de Vulnerabilidades em Redes Corporativas - CNASI RJ
Gerenciamento de Vulnerabilidades em Redes Corporativas - CNASI RJ
 
Webinar #18 – A Nova Lei de Cibercrimes
Webinar #18 – A Nova Lei de CibercrimesWebinar #18 – A Nova Lei de Cibercrimes
Webinar #18 – A Nova Lei de Cibercrimes
 
Webinar # 17 – Análise de Malware em Forense Computacional
Webinar # 17 – Análise de Malware em Forense ComputacionalWebinar # 17 – Análise de Malware em Forense Computacional
Webinar # 17 – Análise de Malware em Forense Computacional
 

Recently uploaded

costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

Recently uploaded (20)

costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 

Cloud Summit Canada com Rodrigo Montoro

  • 1. The deFAULT truth of AWS Shared Responsibility Model Rodrigo Montoro Head of Threat & Detection Research @spookerlabs
  • 2. $ aws --profile Rodrigo Montoro sts get-caller-identity Clavis Segurança da Informação ● Head of Threat & Detection Research at Clavis Security ● Living in Florianópolis (Silicon Island) ● Author of 2 patented technologies (US Patent Office) ● Speaker in different conferences (Brazil,USA,Canada) ● Proud Dad and Husband ● Full Ironman triathlon (2x) ● Crossfit and Powerlifting
  • 4. Some numbers(*) about security ‘IN’ the cloud (AWS) Clavis Segurança da Informação ● CSPM Detections (cloudsploit) ○ 460 findings (AWS) ○ 87 services covered (around 29% of services) ● Services with Passrole ○ 330 actions ○ 92 services (around 30.7% of services) ● Detections from Elastic rules ○ 59 detections ○ ~22 services covered (around 7.3% of services) ● Detections from Sigma ○ 31 detections ○ ~20 services covered (around 6.7% of services) * based on my analysis in open source tool and public content
  • 5. With some ideas in mind … Clavis Segurança da Informação
  • 6. Security Operations Center (SOC) AGENDA 1 AWS ecosystem / Control Plane DeFAULT Design Data Plane 1 1 Cross Account 1 Uncommon Services Conclusions
  • 7. 7 Clavis Segurança da Informação AWS Ecosystem / Control Plane
  • 8. AWS Shared Responsibility Model Clavis Segurança da Informação
  • 9. AWS In Numbers Clavis Segurança da Informação ● Around 13k actions ● 973 Managed policies ● Around 300 Services ● 18 regions ● 5 actions access level Source: https://aws.permissions.cloud/
  • 10. How authentication and authorization works Clavis Segurança da Informação
  • 11. AWS IAM policy flow analysis Clavis Segurança da Informação
  • 13. 13 Clavis Segurança da Informação DeFAULT Design
  • 14. How many problems an AWS account start (with an Admin user) ? Clavis Segurança da Informação
  • 15. Next let’s add an ec2 instance Clavis Segurança da Informação
  • 16. Just to finish a s3 bucket … Clavis Segurança da Informação
  • 17. Simple scenario (only 3 services) the "deFAULT problems” Clavis Segurança da Informação
  • 18. Some more details Clavis Segurança da Informação ● VPC Endpoint ○ Policy Resource : * ● IAM ○ Managed Policies ■ Resource: * ■ No Conditional ■ No control
  • 19. service enumeration is possible by design with account id Clavis Segurança da Informação source: https://www.sidechannel.blog/en/enumerating-services-in-aws-accounts-in-an-anonymous-and-unauthenticated-manner/
  • 20. 20 Clavis Segurança da Informação Data Plane
  • 21. Data Plane Clavis Segurança da Informação ● S3 buckets data events ● RDS Audit logs ● EKS (Kubernetes)
  • 22. S3 buckets Clavis Segurança da Informação
  • 23. VPC Flow Logs Clavis Segurança da Informação
  • 24. GuardDuty Clavis Segurança da Informação source: https://xmind.app/m/K3fmSB/# Events analyzed are NOT saved. Only the payload saved is the content that triggered the finding.
  • 25. 25 Clavis Segurança da Informação Cross Account
  • 26. What is Cross Account ? Clavis Segurança da Informação source: https://aws.amazon.com/blogs/security/how-to-audit-cross-account-roles-using-aws-cloudtrail-and-amazon-cloudwatch-events/
  • 27. Vendors / Partners Clavis Segurança da Informação ● Splunk history ● ReadOnlyAccess policy
  • 29. ReadOnlyAccess World (1/3) - Unwanted Permissions Clavis Segurança da Informação source: https://www.sidechannel.blog/en/unwanted-permissions-that-may-impact-security-when-using-the-readonlyaccess-policy-in-aws/ ● s3:GetObject ● lambda:GetFunction ● ec2:DescribeInstanceAttribute ● dynamodb:{Query,Scan} ● cloudtrail:LookupEvents
  • 30. ReadOnlyAccess World (2/3) - bad use everywhere Clavis Segurança da Informação source: https://www.wiz.io/blog/82-of-companies-unknowingly-give-3rd-parties-access-to-all-their-cloud-data
  • 31. ReadOnlyAccess World (3/3) - Sample of products Clavis Segurança da Informação Tenable - https://docs.tenable.com/tenablecs/quick-reference/AWS/Content/QuickReference/SetUpA WSReadOnlyAccess.htm Site24x7 - https://www.site24x7.com/help/aws/enable-aws-account-access.html NewRelic - https://docs.newrelic.com/docs/infrastructure/amazon-integrations/get-started/integrations- managed-policies/ Autocloud - https://docs.autocloud.dev/aws-account DivvyCloud - https://docs.divvycloud.com/docs/policies (some minor denies http://get.divvycloud.com/policies/ReadOnlywithAWSReadOnly.json ) Cloudockit - https://www.cloudockit.com/documentation/aws-create-user-for-cloudockit/ Hava.io - https://docs.hava.io/importing/aws/getting-started-with-aws/read-only-iam-user Cloudcraft - https://help.cloudcraft.co/article/87-connect-aws-account-with-cloudcraft
  • 32. 32 Clavis Segurança da Informação Uncommon Services
  • 33. What do I consider uncommon ? Clavis Segurança da Informação ● Services without security research related ○ big part of 300 services ○ almost 13000 actions ● Very specific services with only "few" customers
  • 34. So what is _REALLY_ uncommon ? How about Identity Center (SSO)? Clavis Segurança da Informação
  • 35. Passrole world Clavis Segurança da Informação source: https://twitter.com/noamdahan/status/1349384948998922240
  • 36. Appstream 2.0 Edition Clavis Segurança da Informação
  • 37. 37 Clavis Segurança da Informação Future & Conclusions
  • 38. Future and Conclusions Clavis Segurança da Informação ● Make sure you understand default configurations ● Validate cross account / partners permissions ● Know what you are running ● Find your knowledge gaps ● Keep researching and improving detections ● Make sure you train your team
  • 39. Thank you! See you at Sector Rodrigo Montoro @spookerlabs rodrigo.montoro@clavis.com.br