Uploaded byCloudVillage
PDF, PPTX4,970 views

Battle in the Clouds - Attacker vs Defender on AWS

The document discusses various strategies and tools for enhancing security in AWS environments, including the shared responsibility model and infrastructure as code practices with HashiCorp Terraform and Packer. It highlights the importance of secret management with HashiCorp Vault, interservice communication security using TLS, and the use of Web Application Firewalls (WAF) like AWS WAF and NAXSI. Additionally, it mentions AWS services like GuardDuty and Inspector to detect threats and assess security compliance.

Embed presentation

Download as PDF, PPTX
Battle in the Clouds: Attacker vs Defender on AWS Dani Goland Mohsan Farid
Shared Responsibility Model
Hummus Bombing Celery Workers
Relay 101
Exchange Abuse
Exchange Abuse
Exchange Abuse
Exchange Abuse
Pivoting isn’t always easy but it sho is fun!
Everybody Wants To Rule The World
Shell Yeah!
Lateral-aly
Post Exploitation
Post Exploitation
Post Exploitation
Post Exploitation
Post Exploitation
Post Exploitation
Post Exploitation
Infrastructure As Code (Hashicorp Terraform / AWS Cloudformation)
Immutable Infrastructure(Hashicorp Packer) • Bake AMIs with Packer • Use Ansible to harden the OS • https://github.com/openstack/ansi ble-hardening
Secret Management • Hashicorp Vault/AWS SSM Parameter Store • Granular control over access to secrets • Automatic generation of short-lived DB credentials(Vault)
Interservice Communication • Use TLS • Manage your own keys via Vault • Use Consul Connect sidecar to automatically proxy your traffic encrypted.
WAF • AWS WAF Custom Rules or Managed Rules • Open Source Solutions Like NAXSI(with NGINX) https://github.com/nbs-system/naxsi
Example Architecture • ALB à NGINX(w/ NAXSI) à ECS with Consul Connect Sidecar à Vault
AWS Services Guard Duty – A threat detection service that continuously monitors for malicious activity and unauthorized behavior. Inspector - An automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
VirusBay Registration Code: “DEFCON27”

More Related Content

PDF
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
byJose Hernandez
 
PDF
Pragmatic Cloud Security Automation
byCloudVillage
 
PPTX
Scaling Security in the Cloud With Open Source
byCloudVillage
 
PDF
Serverless security - how to protect what you don't see?
bySqreen
 
PPTX
Of CORS thats a thing how CORS in the cloud still kills security
byJohn Varghese
 
PPTX
Automated Intrusion Detection and Response on AWS
by2nd Sight Lab
 
PDF
Securing your AWS Deployments with Spinnaker and Armory Enterprise
byDevOps.com
 
PPTX
EKS security best practices
byJohn Varghese
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
byJose Hernandez
 
Pragmatic Cloud Security Automation
byCloudVillage
 
Scaling Security in the Cloud With Open Source
byCloudVillage
 
Serverless security - how to protect what you don't see?
bySqreen
 
Of CORS thats a thing how CORS in the cloud still kills security
byJohn Varghese
 
Automated Intrusion Detection and Response on AWS
by2nd Sight Lab
 
Securing your AWS Deployments with Spinnaker and Armory Enterprise
byDevOps.com
 
EKS security best practices
byJohn Varghese
 

What's hot

PPTX
Native cloud security monitoring
byJohn Varghese
 
PPTX
Crypto Miners in the Cloud
by2nd Sight Lab
 
PDF
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
byCloudVillage
 
PPTX
Shift Left - How to improve your security with checkov before it’s going to p...
byAnton Grübel
 
PDF
Netflix Open Source Meetup Season 4 Episode 3
byaspyker
 
PPTX
Security for Complex Networks on AWS
by2nd Sight Lab
 
PDF
Mini-Training: Netflix Simian Army
byBetclic Everest Group Tech Team
 
PDF
Defending your workloads with aws waf and deep security
byMark Nunnikhoven
 
PDF
Brian Ketelsen - Microservices in Go using Micro - Codemotion Milan 2017
byCodemotion
 
PPTX
Los Angeles AWS Users Group - Athena Deep Dive
byKevin Epstein
 
PPTX
Securing AWS Accounts with Hashi Vault
byShrivatsa Upadhye
 
PPTX
Packet Capture on AWS
by2nd Sight Lab
 
PPTX
Shared Security Responsibility Model of AWS
byAkshay Mathur
 
PPTX
Cloud native policy enforcement with Open Policy Agent
byLibbySchulze
 
PDF
AWS temporary credentials challenges in prevention detection mitigation
byJohn Varghese
 
Native cloud security monitoring
byJohn Varghese
 
Crypto Miners in the Cloud
by2nd Sight Lab
 
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
byCloudVillage
 
Shift Left - How to improve your security with checkov before it’s going to p...
byAnton Grübel
 
Netflix Open Source Meetup Season 4 Episode 3
byaspyker
 
Security for Complex Networks on AWS
by2nd Sight Lab
 
Mini-Training: Netflix Simian Army
byBetclic Everest Group Tech Team
 
Defending your workloads with aws waf and deep security
byMark Nunnikhoven
 
Brian Ketelsen - Microservices in Go using Micro - Codemotion Milan 2017
byCodemotion
 
Los Angeles AWS Users Group - Athena Deep Dive
byKevin Epstein
 
Securing AWS Accounts with Hashi Vault
byShrivatsa Upadhye
 
Packet Capture on AWS
by2nd Sight Lab
 
Shared Security Responsibility Model of AWS
byAkshay Mathur
 
Cloud native policy enforcement with Open Policy Agent
byLibbySchulze
 
AWS temporary credentials challenges in prevention detection mitigation
byJohn Varghese
 

Similar to Battle in the Clouds - Attacker vs Defender on AWS

PDF
The AWS Shared Responsibility Model in Practice
byAlert Logic
 
PPTX
AWS Security and Compliance Presentation
bygoutamnita
 
PPT
Aws training in bangalore
byapponix123
 
PDF
The AWS Shared Responsibility Model in Practice
byAlert Logic
 
PDF
Intro to threat_detection_and_remediation on aws
byBela Sojina MBA, PMP
 
PDF
Datensicherheit mit AWS - AWS Security Web Day
byAWS Germany
 
PDF
Oas un llamado a la accion
byMarcela Cárdenas Hidalgo
 
PDF
Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...
byMarcela Cárdenas Hidalgo
 
PPTX
Pitt Immersion Day Module 5 - security overview
byEagleDream Technologies
 
PPTX
Hackproof Your Cloud: Responding to 2016 Threats
byCloudCheckr
 
PDF
Amazon Web Services: Overview of Security Processes
bywhite paper
 
PPTX
Hack proof your aws cloud cloudcheckr_040416
byJarrett Plante
 
PPTX
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
byGarth Boyd
 
PPTX
Building A Cloud Security Strategy for Scale
byChris Farris
 
PPTX
Cloud Security.pptx
byReena Harnal
 
PDF
Security compute services_whitepaper
bysaifam
 
PPTX
Alert Logic: Realities of Security in the Cloud
byAlert Logic
 
PDF
Kernel Con 2022: Securing Cloud Native Workloads
byGabriel Schuyler
 
PPTX
Security
byParag Patil
 
PDF
Mitigating techniques
byRichard Harvey
 
The AWS Shared Responsibility Model in Practice
byAlert Logic
 
AWS Security and Compliance Presentation
bygoutamnita
 
Aws training in bangalore
byapponix123
 
The AWS Shared Responsibility Model in Practice
byAlert Logic
 
Intro to threat_detection_and_remediation on aws
byBela Sojina MBA, PMP
 
Datensicherheit mit AWS - AWS Security Web Day
byAWS Germany
 
Oas un llamado a la accion
byMarcela Cárdenas Hidalgo
 
Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...
byMarcela Cárdenas Hidalgo
 
Pitt Immersion Day Module 5 - security overview
byEagleDream Technologies
 
Hackproof Your Cloud: Responding to 2016 Threats
byCloudCheckr
 
Amazon Web Services: Overview of Security Processes
bywhite paper
 
Hack proof your aws cloud cloudcheckr_040416
byJarrett Plante
 
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
byGarth Boyd
 
Building A Cloud Security Strategy for Scale
byChris Farris
 
Cloud Security.pptx
byReena Harnal
 
Security compute services_whitepaper
bysaifam
 
Alert Logic: Realities of Security in the Cloud
byAlert Logic
 
Kernel Con 2022: Securing Cloud Native Workloads
byGabriel Schuyler
 
Security
byParag Patil
 
Mitigating techniques
byRichard Harvey
 

More from CloudVillage

PDF
Build to Hack, Hack to Build
byCloudVillage
 
PDF
Phishing in the cloud era
byCloudVillage
 
PDF
Mining Malevolence: Cryptominers in the Cloud
byCloudVillage
 
PDF
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
byCloudVillage
 
PDF
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...
byCloudVillage
 
PPTX
Your Blacklist is Dead: Why the Future of Command and Control is the Cloud
byCloudVillage
 
PDF
MozDef Workshop slide
byCloudVillage
 
PDF
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
byCloudVillage
 
Build to Hack, Hack to Build
byCloudVillage
 
Phishing in the cloud era
byCloudVillage
 
Mining Malevolence: Cryptominers in the Cloud
byCloudVillage
 
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
byCloudVillage
 
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...
byCloudVillage
 
Your Blacklist is Dead: Why the Future of Command and Control is the Cloud
byCloudVillage
 
MozDef Workshop slide
byCloudVillage
 
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
byCloudVillage
 

Recently uploaded

PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PDF
December Patch Tuesday
byIvanti
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
API-First Architecture in Financial Systems
bycyy111112
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
December Patch Tuesday
byIvanti
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 

Battle in the Clouds - Attacker vs Defender on AWS