
Cloud Attack Emulation for Mere Mortals


Modern security teams, charged with securing cloud infrastructure, often wear many hats depending on job requirements. Where this is not possible, security teams need to rely on specialists with specific skills, e.g. penetration testers, red/blue teamers, detection engineers, threat hunters ...

The specialist approach is useful and provides immense value; however, relying on specialists often comes with a compromise: waiting time. This introduces two challenges:

1️⃣ During the time spent hiring or acquiring specialists (internal or external), a huge window of opportunity is left open for attackers to exploit.
2️⃣ Not all organizations are equal; not every organization can afford these specialists.

The good news is that there is a middle ground: cloud attack emulation. The aforementioned challenges can be addressed by leveraging cloud attack emulation. The basic idea of cloud attack emulation is to use adversarial tactics and techniques to emulate real-world attacker behaviour against infrastructure.

Kennedy Torkura

September 11, 2023

Transcript

  1. Security folks often wear multiple hats due to the dynamic nature of cloud infrastructure. The security objectives must be achieved, despite limited resources & time! (slide footer: @run2obtain)
  2. Measuring security is challenging, but imperative. Effective security teams periodically make assessments and answer several important questions:
     - How efficiently are our security objectives being achieved?
     - Are we seeing everything?
     - Are we missing anything?
     - Are we actually secure/insecure?
     And quickly getting the correct answers might be as critical as stopping attacks or unearthing blind spots!
  3. Cloud attack emulation provides smart, quick feedback loops to answer questions around the effectiveness of a security program.
  4. Example threat: AndroxGh0st
     - The AndroxGh0st malware notoriously scans .env files for configuration data. Mostly, it targets hard-coded credentials in files (like source code), e.g. AWS API keys and secrets.
     - AndroxGh0st has "SMTP cracking" features and is capable of generating keys to conduct limited brute-forcing attacks.
     Reference: https://www.lacework.com/blog/androxghost-the-python-malware-exploiting-your-aws-keys/
  5. Are the most critical events seen and addressed? The absence of security events does not necessarily imply all is well!
  6. Get your free trial today! https://www.mitigant.io/sign-up For more details, visit us at https://www.mitigant.io/blog and https://www.mitigant.io/cloud-immunity
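Slide 4 describes AndroxGh0st harvesting hard-coded AWS keys from .env files. As an added example (not code from the deck or from Mitigant), the Python check below is the defender-side counterpart: a hygiene scan that flags such keys in a checkout before malware or an attacker finds them. The sample .env is constructed from the public AWS documentation placeholder credentials; the 40-character secret-key heuristic and the `.env*` file glob are assumptions.

```python
import re
from pathlib import Path

# AWS access key IDs are 20 characters: "AKIA" (long-term IAM user key) or "ASIA"
# (temporary STS key) followed by 16 upper-case alphanumerics.
AWS_KEY_ID_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
# Heuristic (assumption): a 40-character base64-alphabet value assigned to a
# variable whose name contains "secret" is reported as an AWS secret access key.
SECRET_ASSIGN_RE = re.compile(
    r"^(?P<name>[A-Za-z_][A-Za-z0-9_]*)\s*=\s*['\"]?(?P<value>[A-Za-z0-9/+=]{40})['\"]?\s*$"
)

# Constructed sample .env; both values are the public AWS documentation examples.
SAMPLE_ENV = """\
# constructed sample, not real credentials
APP_NAME=billing
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
DB_PASSWORD=not-an-aws-key
"""

def mask(value: str) -> str:
    """Keep only the first and last four characters so findings can be logged safely."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]

def find_aws_credentials(text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, kind, masked_value) for every suspected AWS credential."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):  # skip blanks and comments
            continue
        for match in AWS_KEY_ID_RE.finditer(stripped):
            findings.append((line_no, "aws_access_key_id", mask(match.group(1))))
        assign = SECRET_ASSIGN_RE.match(stripped)
        if assign and "secret" in assign.group("name").lower():
            findings.append((line_no, "aws_secret_access_key", mask(assign.group("value"))))
    return findings

def scan_dotenv_files(root: str) -> dict[str, list[tuple[int, str, str]]]:
    """Walk a checkout and report every .env-style file carrying a suspected key."""
    report = {}
    for path in (p for p in Path(root).rglob(".env*") if p.is_file()):
        hits = find_aws_credentials(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report
```

Run `scan_dotenv_files(".")` from a repository root (for example as a pre-commit or CI step) and fail the build on a non-empty report; findings are masked so the log itself does not become a second leak.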