Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cloud Attack Emulation for Mere Mortals

Kennedy Torkura
September 11, 2023
Technology
0
57

Cloud Attack Emulation for Mere Mortals

Modern security teams, charged with securing cloud infrastructure often wear many hats based on job requirements. Where this is not possible, security teams need to rely on specialists with specific skills e.g. penetration testers, red/blue teamers, detection engineers, threat hunters ...

The specialists approach is useful and provides immense value, however, relying on specialists often comes with a compromise - waiting time. This introduces two challenges:

1️⃣ Due to time spent to hire or acquire specialists (internal or external), a huge window of opportunity is exposed for attackers to exploit.
2️⃣ All organizations are not equal; not every organization can afford these specialists.

Good news, there is a middle ground: cloud attack emulation. The aforementioned challenges could be addressed by leveraging cloud attack emulation! The basic idea of cloud attack emulation is to use adversarial tactics and techniques to emulate real world attacker behaviour against infrastructure.

Kennedy Torkura

September 11, 2023
Tweet

More Decks by Kennedy Torkura

See All by Kennedy Torkura
The Cyber Resilience Chasm
ktorkura
0
14
Outcome vs Output Security Approaches
ktorkura
0
100
Fast-tracking DevSecOps Maturity With Security Chaos Engineering
ktorkura
0
180
Enhancing Cloud Detection & Response with Security Chaos Engineering
ktorkura
0
35
CERT Resilience Management Model
ktorkura
0
63
Security Experimentation Builds Resilience
ktorkura
0
17
Security Chaos Engineering for Fun & Profit
ktorkura
0
30
Risk Driven Fault Injection
ktorkura
0
74
Chaos_Engineering_for_Cloud_Native_Security.pdf
ktorkura
0
70

Other Decks in Technology

See All in Technology
アクセス制御にまつわる改善 / Improving access control
itkq
0
560
ServiceNow Knowledge Learning Rise up
manarobot
0
210
私が trocco を推す理由
__allllllllez__
1
270
Janus
bkuhlmann
1
490
R3のコードから見る実践LINQ実装最適化・コンカレントプログラミング実例
neuecc
2
810
20分で完全に理解するGrafanaダッシュボード
hamadakoji
3
760
BPStudyの200回を中心にIT業界を振り返る。そしてこれから
haru860
3
300
GrafanaMeetup_AmazonManagedGrafanaのアクセス制御機能とマルチテナント環境下でのアクセス制御について
daitak
0
320
今年のRubyKaigiはProfiler Year🤘
osyoyu
0
200
地理空間データ可視化・解析・活用ソリューション Pacific Spatial Solutions (PSS)
pacificspatialsolutions
0
300
Azure Container Apps + Bicep 〜 こんな感じで運用しています
kaz29
3
570
VS CodeでAWSを操作しよう
smt7174
8
1.8k

Featured

See All Featured
How GitHub (no longer) Works
holman
304
140k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
659
120k
Embracing the Ebb and Flow
colly
80
4.1k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
Building Flexible Design Systems
yeseniaperezcruz
319
37k
Rails Girls Zürich Keynote
gr2m
91
13k
Designing the Hi-DPI Web
ddemaree
276
33k
Typedesign – Prime Four
hannesfritz
36
2.1k
Building Your Own Lightsaber
phodgson
99
5.7k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
501
140k
The Language of Interfaces
destraynor
151
23k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
221
21k

Transcript

  1. Cloud Attack Emulation for Mere Mortals @run2obtain 1

  2. @run2obtain Security folks often wear multiple hats due to the

    dynamic nature of cloud infrastructure. The security objectives must be achieved, despite limited resources & time ! 2

  3. @run2obtain Measuring security is challenging, but imperative. Effective security teams

    periodically make assessments and answer several important questions: o How efficient are our security objectives being achieved. o Are we seeing everything ? o Are we missing anything ? o Are we actually secure/insecure? And quickly getting the correct answers might be as critical as stopping attacks or unearthing blindspots ! 3

  4. @run2obtain Cloud attack emulation provides smart,quick feedback loops to answer

    questions around the effectiveness of a security program. 4

  5. @run2obtain 5 o The AndroxGh0st malware notoriously scans .env files

    for configuration data. Mostly, it targets hard-coded credentials in files (like source code) e.g. AWS API keys and secrets. o AndroxGh0st has “SMTP cracking” features and is capable of generating keys to conduct limited bruteforcing attacks. Reference - https://www.lacework.com/blog/androxghost-the-python-malware-exploiting-your-aws-keys/

  6. @run2obtain 6

  7. @run2obtain 7

  8. @run2obtain 8

  9. @run2obtain 9

  10. @run2obtain 10

  11. @run2obtain 11

  12. @run2obtain 12

  13. Are the most critical events seen and addressed ? @run2obtain

    13 The absence of security events does not necessary imply all is well !

  14. Leverage Mitigant Cloud Immunity to Emulate Cloud Attacks Seamlessly @run2obtain

    14 https://www.mitigant.io/cloud-immunity

  15. Get your free trial today ! https://www.mitigant.io/sign-up For more details,

    visit us at https://www.mitigant.io/blog @run2obtain 15 https://www.mitigant.io/cloud-immunity