Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Honey Dripping From The Cloud | BSides BHAM

Kumar Ashwin
October 15, 2021
Education
0
270

Honey Dripping From The Cloud | BSides BHAM

This talk was given by Kumar Ashwin and Hrushikesh Kakade at a virtual conference at BSides Birmingham.

Abstract
---
Migrating to the cloud opens up new possibilities for an organization, but at the same time, it also increases the attack vectors for an adversary. In the cloud, the perimeter security alone won't help in keeping the bad actors away. Organisations too need to think out of the box.

Cloud is mostly secure by default, so if we see the responsibility matrix, most of the activities are being handled by the cloud provider but there are certain things that fall on the tenant. The majority of the vulnerabilities are found because of the misconfiguration issues in these three sections.

- Everything Client Side
- Data in Transit and Rest
- Identity and Access Management

This talk will be about looking at a cloud infrastructure from an attacker's point of view and discovering how honeypots can help the defenders, keeping the bad actors away from the cloud infrastructure of your organisation.

We will be covering:
- Attacker's point of view on attacking AWS infrastructure.
- Deployment of some luring components (like Honeypots and Honey Tokens)
- Benefits of this deployment from a defender's perspective.

Kumar Ashwin

October 15, 2021
Tweet

More Decks by Kumar Ashwin

See All by Kumar Ashwin
Securing Containers From Day One | null Ahmedabad Meetup
0xcardinal
0
500
Getting Started with DFIR | Payatu Webinar
0xcardinal
0
220
Dive In With Git
0xcardinal
0
26
Hacking is not Black & White
0xcardinal
0
17

Other Decks in Education

See All in Education
MonacaEducation導入手引き2024年第1版
asial_edu
1
150
Tangible, Embedded and Embodied Interaction - Lecture 9 - Next Generation User Interfaces (4018166FNR)
signer
PRO
0
1.2k
令和6年度 無料トライアルキャンペーン説明会
asial_edu
0
760
【潔能講堂】永續環境、擁抱綠能 太陽能光電發展現況與產業製程解析
learnenergy2
0
120
Padlet opetuksessa
matleenalaakso
3
11k
H5P-työkalut
matleenalaakso
3
32k
phygital__le_magasin_augmenté.pdf
martine
0
2.6k
経験に複利を効かせろ!ふりかえり研修2024
pokotyamu
22
7.6k
WordPressを教える人のための視点と考え方
crebowinfo
0
230
4 занятие. Разбор бизнес-моделей и метод красной нити #ideaNN 9.02.2024.
karlov
0
230
財務分析 - 入門編
lsuzuki
0
370
Monaca Educationを活用した課題解決型の探究学習の実践
asial_edu
0
200

Featured

See All Featured
Building Applications with DynamoDB
mza
88
5.6k
The MySQL Ecosystem @ GitHub 2015
samlambert
243
12k
Six Lessons from altMBA
skipperchong
21
3k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
501
140k
Teambox: Starting and Learning
jrom
128
8.4k
A Modern Web Designer's Workflow
chriscoyier
689
190k
GitHub's CSS Performance
jonrohan
1025
450k
Clear Off the Table
cherdarchuk
84
310k
Automating Front-end Workflow
addyosmani
1356
200k
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.1k
Ruby is Unlike a Banana
tanoku
96
10k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
40
4.4k

Transcript

  1. Honey Dripping from the Cloud Attacking and Defending Cloud Infrastructure

    Hrushikesh Kakade | Kumar Ashwin BsidesBHAM

  2. About Us Hrushikesh Kakade (Security Engineer @ MPL) • Cloud

    & Cloud Native Security • Application Security • DevSecOps • Twitter Handle: @hkh4cks Kumar Ashwin (Security Consultant @ Payatu) • Cloud Security • Web Security • DevSecOps • Twitter Handle: @0xCardinal

  3. What are we going to cover? ➔ Common Misconfigurations In

    Cloud ➔ Defensive Techniques To Secure Cloud Infrastructure ➔ What Are “Honeypots”? ➔ How HoneyPots Can Be Helpful? ➔ Different Implementation Techniques ➔ Demo ➔ QnA?

  4. Common Misconfigurations In Cloud ➔ EC2 Instance Misconfiguration ➔ S3

    Misconfiguration ➔ Misconfigured Security Groups ➔ Bad AWS IAM Policies

  5. EC2 Instance Misconfiguration ➔ Public Snapshots ➔ Vulnerable Web Apps

    Hosted on EC2 leading to SSRF ➔ Firewall Misconfiguration Common Misconfigurations In Cloud

  6. Examples

  7. S3 Misconfiguration https://hackerone.com/reports/998981 https://hackerone.com/reports/764243 https://blog.detectify.com/2017/07/13/aws-s3-misconfiguration-explained-fix/ https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access-controls-taking-full-control-over-your-assets/ Common Misconfigurations In Cloud

    ➔ Defining “Full Control” access to Authenticated AWS Users. ➔ Enabling “write” access to “Everyone” group. ➔ Misconfiguring object and bucket ACLs. ➔ And many more...

  8. Misconfigured Security Groups Common Misconfigurations In Cloud ➔ Security Groups

    are the virtual firewall for your AWS resources. It defines what comes in and what goes out. ➔ Over-exposure of your AWS resources. ➔ Exposing to all interfaces. ➔ If it works, don’t touch it. Source: Google

  9. Bad IAM Policies Common Misconfigurations In Cloud ➔ IAM policies

    are the objects when associated with the object, defines their permissions. https://kloudle.com/blog/iam-bad-privilege-escalation-using-misconfigured-policies-in-aws-iam-webinar

  10. Common Misconfigurations In Cloud Defence Against

  11. Source: NotSoSecure

  12. EC2 Instance Misconfiguration ➔ Keep a close look on the

    resources you own and what you make public ➔ Use IDMSv2 or Deny access to Metadata service ➔ Only allow the least that is required Defense Against Common Misconfigurations In Cloud https://blog.appsecco.com/server-side-request-forgery-ssrf-and-aws-ec2-instances-after-instance-meta-data-service-version-38fc1ba1a28a https://summitroute.com/blog/2017/08/13/defensive_options_when_using_aws_iam_roles/

  13. S3 Misconfiguration https://medium.com/geekculture/defending-in-depth-s3-buckets-66883620ea4c ➔ Define the least privileged access to

    the bucket and review those permissions on a regular basis across all buckets. ➔ Enable Encryption ➔ Enable Bucket Versioning ➔ Enable “Block Public Access” for buckets that should never be public ➔ Ensure the logging access is enabled to track access requests Defense Against Common Misconfigurations In Cloud

  14. Misconfigured Security Groups Defense Against Common Misconfigurations In Cloud ➔

    Limit the ingress and egress rules ➔ Remove unused security groups

  15. Bad IAM Policies ➔ Restrict access based on Condition Keys

    like SourceIp, SourceVpc, etc. ➔ Limit the AWS privileges granted Defense Against Common Misconfigurations In Cloud https://summitroute.com/blog/2017/08/13/defensive_options_when_using_aws_iam_roles/

  16. Defense Against Common Misconfigurations In Cloud AWS Services for Security

    ➔ GuardDuty ➔ Inspector ➔ Macie GuardDuty Inspector

  17. Out Of The Box Security Strategies Before getting into that

    - let’s understand what are HoneyPots?

  18. What are HoneyPots? “ Honeypots are decoy systems or servers

    deployed alongside production systems within your network. When deployed as enticing targets for attackers, honeypots can add security monitoring opportunities for blue teams and misdirect the adversary from their true target. Source: Rapid7

  19. How can HoneyPots be helpful? ➔ They break the attacker

    kill chain and slow attackers down. ➔ They are straightforward and low-maintenance ➔ They help you test your incident response processes

  20. Out Of The Box Security Strategies ➔ HoneyPots have been

    seen to have high benefits in the on-prem infrastructure, so why not implement those on the cloud. ➔ Fo doing so, we have different strategies that we can implement. ➔ Deployment of honeypots is highly based on creativity and requirement. ➔ But more than that it is based on constant logging and monitoring.

  21. Demo

  22. None

  23. Questions?

  24. Thanks BsidesBHAM! :) 0xCardinal - Kumar Ashwin | hkh4cks -

    Hrushikesh Kakade