Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cloud Attack Emulation for Mere Mortals

Kennedy Torkura
September 11, 2023
Technology
0
91

Cloud Attack Emulation for Mere Mortals

Modern security teams, charged with securing cloud infrastructure often wear many hats based on job requirements. Where this is not possible, security teams need to rely on specialists with specific skills e.g. penetration testers, red/blue teamers, detection engineers, threat hunters ...

The specialists approach is useful and provides immense value, however, relying on specialists often comes with a compromise - waiting time. This introduces two challenges:

1️⃣ Due to time spent to hire or acquire specialists (internal or external), a huge window of opportunity is exposed for attackers to exploit.
2️⃣ All organizations are not equal; not every organization can afford these specialists.

Good news, there is a middle ground: cloud attack emulation. The aforementioned challenges could be addressed by leveraging cloud attack emulation! The basic idea of cloud attack emulation is to use adversarial tactics and techniques to emulate real world attacker behaviour against infrastructure.

Kennedy Torkura

September 11, 2023
Tweet

More Decks by Kennedy Torkura

See All by Kennedy Torkura
The Cyber Resilience Chasm
ktorkura
0
25
Outcome vs Output Security Approaches
ktorkura
0
200
Fast-tracking DevSecOps Maturity With Security Chaos Engineering
ktorkura
0
310
Enhancing Cloud Detection & Response with Security Chaos Engineering
ktorkura
0
50
CERT Resilience Management Model
ktorkura
0
80
Security Experimentation Builds Resilience
ktorkura
0
27
Security Chaos Engineering for Fun & Profit
ktorkura
0
43
Risk Driven Fault Injection
ktorkura
0
87
Chaos_Engineering_for_Cloud_Native_Security.pdf
ktorkura
0
94

Other Decks in Technology

See All in Technology
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
220
The Rise of LLMOps
asei
7
1.5k
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
2
310
Lambda10周年!Lambdaは何をもたらしたか
smt7174
2
110
第1回 国土交通省 データコンペ参加者向け勉強会③ - Snowflake x estie編 -
estie
0
130
生成AIが変えるデータ分析の全体像
ishikawa_satoru
0
120
信頼性に挑む中で拡張できる・得られる1人のスキルセットとは?
ken5scal
2
530
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
380
Platform Engineering for Software Developers and Architects
syntasso
1
520
Taming you application's environments
salaboy
0
190
The Role of Developer Relations in AI Product Success.
giftojabu1
0
120
Introduction to Works of ML Engineer in LY Corporation
lycorp_recruit_jp
0
120

Featured

See All Featured
How to Ace a Technical Interview
jacobian
276
23k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
How STYLIGHT went responsive
nonsquared
95
5.2k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.2k
Making the Leap to Tech Lead
cromwellryan
133
8.9k
[RailsConf 2023] Rails as a piece of cake
palkan
52
4.9k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
Become a Pro
speakerdeck
PRO
25
5k
Making Projects Easy
brettharned
115
5.9k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
28
2k
Git: the NoSQL Database
bkeepers
PRO
427
64k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k

Transcript

  1. Cloud Attack Emulation for Mere Mortals @run2obtain 1

  2. @run2obtain Security folks often wear multiple hats due to the

    dynamic nature of cloud infrastructure. The security objectives must be achieved, despite limited resources & time ! 2

  3. @run2obtain Measuring security is challenging, but imperative. Effective security teams

    periodically make assessments and answer several important questions: o How efficient are our security objectives being achieved. o Are we seeing everything ? o Are we missing anything ? o Are we actually secure/insecure? And quickly getting the correct answers might be as critical as stopping attacks or unearthing blindspots ! 3

  4. @run2obtain Cloud attack emulation provides smart,quick feedback loops to answer

    questions around the effectiveness of a security program. 4

  5. @run2obtain 5 o The AndroxGh0st malware notoriously scans .env files

    for configuration data. Mostly, it targets hard-coded credentials in files (like source code) e.g. AWS API keys and secrets. o AndroxGh0st has “SMTP cracking” features and is capable of generating keys to conduct limited bruteforcing attacks. Reference - https://www.lacework.com/blog/androxghost-the-python-malware-exploiting-your-aws-keys/

  6. @run2obtain 6

  7. @run2obtain 7

  8. @run2obtain 8

  9. @run2obtain 9

  10. @run2obtain 10

  11. @run2obtain 11

  12. @run2obtain 12

  13. Are the most critical events seen and addressed ? @run2obtain

    13 The absence of security events does not necessary imply all is well !

  14. Leverage Mitigant Cloud Immunity to Emulate Cloud Attacks Seamlessly @run2obtain

    14 https://www.mitigant.io/cloud-immunity

  15. Get your free trial today ! https://www.mitigant.io/sign-up For more details,

    visit us at https://www.mitigant.io/blog @run2obtain 15 https://www.mitigant.io/cloud-immunity