攻撃し続けた僕と検知したりしなかったりするツンデレの君(GuardDuty)の歴史

Transcript

1. The History of tsundere GuardDuty who can do or do

   not detect and me who keep attacking 攻撃し続けた僕と検知したりしなかったりする ツンデレの君(GuardDuty)の歴史 #jawsug #jawspankration2021 #jawspankration Usuda Keisuke / うすだけいすけ 1

2. 2 Who am I? / ⾃⼰紹介 Usuda Keisuke / ⾅⽥佳祐

   ・Classmethod, Inc. AWS BU Consulting Div. Senior Solution Architect Security Team Leader AWS Authorized Instructor ・Security-JAWS Member ・My favorite AWS Service: Amazon GuardDuty

3. 3 Story It was a sudden encounter. 出会いは突然だった

4. 4 In re:Invent 2017

5. 5 Introduction / 概要 What a wonderful feature! I fell

   in love with her at first sight. 素敵なセキュリティ機能 僕は彼⼥を⾒てひと⽬で恋 に落ちた

6. 6 However, She (GuardDuty) is Tsundere! しかし彼⼥はツンデレだった

7. 7 About Tsundere? / ツンデレとは Tsundere is a Japanese term

   for a character development process that depicts a character with a personality who is initially cold, stern, stoic, harsh, temperamental, hotheaded (and sometimes even hostile) before gradually showing a warmer, friendlier side over time. The word is derived from the terms tsun tsun (ツンツン) ('to turn away in disgust or anger') and dere dere (デレデレ) ('to become affectionate'). (by Wikipedia)

8. 8 About Tsundere? / ツンデレとは Originally found in Japanese bishōjo

   games, the word is now part of the otaku moe phenomenon, reaching into other media such as maid cafés, anime, manga, novels, and mass media. The term was made popular in the visual novel Kimi ga Nozomu Eien(Rumbling Hearts). (by Wikipedia)

9. 9 At the time of release / リリース当時 When I

   first met her, she was very aggressive. (Tsun Tsun) A lot of Alerts! (´・ω・｀) 最初はとにかく攻撃的(ツンツン) アラート沢⼭出してくる(´・ω・｀)

10. 10 Jealous / モテモテな彼⼥ On the other hand, she was

    severely attacked by various countries. She was being pampered. その頃の彼⼥は⾊んな国からの攻撃を 検知していました

11. 11 Update in May, 2018 / 2018年5⽉のアップデート Automatic archiving was

    possible. She became “Dere Dere” (affectionate). ⾃動アーカイブが出来るようになった アラートがなくなり、デレた

12. 12 In re:Invent 2018 I attended the event secretly without

    telling her. But she immediately detected that I was in Las Vegas by “UnauthorizedAccess”. 僕は彼⼥に内緒でre:Inventに⾏った しかし彼⼥は僕がラスベガスにいること をUnauthorizedAccessで検知した

13. 13 She was also Yandere! 彼⼥はヤンデレでもあったのです

14. 14 Evidence / エビデンス

15. 15 Meanwhile… / ⼀⽅その頃

16. 16 Update in May, 2019 / 2019年5⽉のアップデート She was then

    able to detect privilege escalation. It was slightly unstable, but it was a good feature. IAMの権限昇格を検知できるように 僕の攻撃に対して少し不器⽤だけどちゃ んと検知してくれた

17. 17 Detect Privilege Escalation / 権限昇格の検知 When an attack fails,

    she was detected “Persistence” instead of “Privilege Escalation ”↓ ↓ ↓ ↑ ↑ ↑ When an attack succeeds, she correctly detected “Privilege Escalation ”.

18. 18 Update in Feb, 2020 / 2020年2⽉のアップデート She began to

    detect more advanced attacks. She was then able to detect DNS rebinding. DNS Rebindingを検知できるように ⾮常に⾼度なテクニックを検知しました

19. 19 UnauthorizedAccess:EC2/MetaDataDNSRebind

20. 20 Update in Apr, 2020 / 2020年4⽉のアップデート AWS Chatbot was

    GA. Notification to Slack became very neat and clean. AWS Chatbotが正式リリース GuardDutyの通知がリッチに

21. 21 In Jun, 2020 / 2020年6⽉ I wrote a script

    for her. It was a script to easily generate privilege escalation. 私は簡単にGuardDutyをテストするため 権限昇格を発⽣させるスクリプトを書き ました

22. 22 I feel close to her.

23. 23 Happiness never lasts.

24. 24 Archived Finding Types. 18 Types

25. 25 Can I complete her route? She hasn't completely been

    “Dere Dere” (affectionate) to me yet. Can I complete her route and will be happy ending? まだまだデレデレまでは遠い 彼⼥のルートを攻略してハッピーエンド になる⽇は来るのか︖

26. 26 To Be Continued.