Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cloud Attack Emulation for Mere Mortals

Kennedy Torkura
September 11, 2023
Technology
0
90

Cloud Attack Emulation for Mere Mortals

Modern security teams, charged with securing cloud infrastructure often wear many hats based on job requirements. Where this is not possible, security teams need to rely on specialists with specific skills e.g. penetration testers, red/blue teamers, detection engineers, threat hunters ...

The specialists approach is useful and provides immense value, however, relying on specialists often comes with a compromise - waiting time. This introduces two challenges:

1️⃣ Due to time spent to hire or acquire specialists (internal or external), a huge window of opportunity is exposed for attackers to exploit.
2️⃣ All organizations are not equal; not every organization can afford these specialists.

Good news, there is a middle ground: cloud attack emulation. The aforementioned challenges could be addressed by leveraging cloud attack emulation! The basic idea of cloud attack emulation is to use adversarial tactics and techniques to emulate real world attacker behaviour against infrastructure.

Kennedy Torkura

September 11, 2023
Tweet

More Decks by Kennedy Torkura

See All by Kennedy Torkura
The Cyber Resilience Chasm
ktorkura
0
25
Outcome vs Output Security Approaches
ktorkura
0
190
Fast-tracking DevSecOps Maturity With Security Chaos Engineering
ktorkura
0
300
Enhancing Cloud Detection & Response with Security Chaos Engineering
ktorkura
0
49
CERT Resilience Management Model
ktorkura
0
80
Security Experimentation Builds Resilience
ktorkura
0
27
Security Chaos Engineering for Fun & Profit
ktorkura
0
43
Risk Driven Fault Injection
ktorkura
0
87
Chaos_Engineering_for_Cloud_Native_Security.pdf
ktorkura
0
92

Other Decks in Technology

See All in Technology
わたしとトラックポイント / TrackPoint tips
masahirokawahara
1
240
一休.comレストランにおけるRustの活用
kymmt90
3
580
[JAWS-UG金沢支部×コンテナ支部合同企画]コンテナとは何か
furuton
3
260
Java x Spring Boot Warm up
kazu_kichi_67
2
490
カメラを用いた店内計測におけるオプトインの仕組みの実現 / ai-optin-camera
cyberagentdevelopers
PRO
1
120
AWSコンテナ本出版から3年経った今、もし改めて執筆し直すなら / If I revise our container book
iselegant
15
4k
MAMを軸とした動画ハンドリングにおけるAI活用前提の整備と次世代ビジョン / abema-ai-mam
cyberagentdevelopers
PRO
1
110
いまならこう作りたい AWSコンテナ[本格]入門ハンズオン 〜2024年版 ハンズオンの構想〜
horsewin
9
2.1k
「視座」の上げ方が成人発達理論にわかりやすくまとまってた / think_ perspective_hidden_dimensions
shuzon
2
4.1k
ユーザーの購買行動モデリングとその分析 / dsc-purchase-analysis
cyberagentdevelopers
PRO
2
100
なんで、私がAWS Heroに!? 〜社外の広い世界に一歩踏み出そう〜
minorun365
PRO
6
1.1k
AWS CodePipelineでコンテナアプリをデプロイした際に、古いイメージを自動で削除する
smt7174
1
100

Featured

See All Featured
Documentation Writing (for coders)
carmenintech
65
4.4k
Designing Experiences People Love
moore
138
23k
Speed Design
sergeychernyshev
24
570
Product Roadmaps are Hard
iamctodd
PRO
48
10k
Typedesign – Prime Four
hannesfritz
39
2.4k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
6.9k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
Thoughts on Productivity
jonyablonski
67
4.3k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
43
6.6k
YesSQL, Process and Tooling at Scale
rocio
167
14k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
3
370
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k

Transcript

  1. Cloud Attack Emulation for Mere Mortals @run2obtain 1

  2. @run2obtain Security folks often wear multiple hats due to the

    dynamic nature of cloud infrastructure. The security objectives must be achieved, despite limited resources & time ! 2

  3. @run2obtain Measuring security is challenging, but imperative. Effective security teams

    periodically make assessments and answer several important questions: o How efficient are our security objectives being achieved. o Are we seeing everything ? o Are we missing anything ? o Are we actually secure/insecure? And quickly getting the correct answers might be as critical as stopping attacks or unearthing blindspots ! 3

  4. @run2obtain Cloud attack emulation provides smart,quick feedback loops to answer

    questions around the effectiveness of a security program. 4

  5. @run2obtain 5 o The AndroxGh0st malware notoriously scans .env files

    for configuration data. Mostly, it targets hard-coded credentials in files (like source code) e.g. AWS API keys and secrets. o AndroxGh0st has “SMTP cracking” features and is capable of generating keys to conduct limited bruteforcing attacks. Reference - https://www.lacework.com/blog/androxghost-the-python-malware-exploiting-your-aws-keys/

  6. @run2obtain 6

  7. @run2obtain 7

  8. @run2obtain 8

  9. @run2obtain 9

  10. @run2obtain 10

  11. @run2obtain 11

  12. @run2obtain 12

  13. Are the most critical events seen and addressed ? @run2obtain

    13 The absence of security events does not necessary imply all is well !

  14. Leverage Mitigant Cloud Immunity to Emulate Cloud Attacks Seamlessly @run2obtain

    14 https://www.mitigant.io/cloud-immunity

  15. Get your free trial today ! https://www.mitigant.io/sign-up For more details,

    visit us at https://www.mitigant.io/blog @run2obtain 15 https://www.mitigant.io/cloud-immunity