Cloud Security 101: Ultimate weapon against cyber threats

Transcript

1. Cloud Security 101: Ultimate weapon against cyber threats Sena Yakut,

   2023 01

2. 02 About me Senior Cloud Security Engineer @Lyrebird Studio DevSecOps

   Team Lead & Senior CloudSec Engineer @PurpleBox Cyber Security & CloudSec Engineer @Vestel Master @EgeUniversity senayakut.com /sena-yakut Security & Identity @sena_yakutt

3. 03 Cloud Security Statistics organizations stored sensitive data in the

   cloud in 2023, up from 49% in 2021. 75%

4. 04 Cloud Security Statistics of companies said that they experienced

   a cloud security breach within the last 18 months 83%

5. 05 Cloud Security Statistics organizations report that human error is

   the cause behind most cloud security breaches 82%

6. 06 Cloud Security Statistics • IAM misconfiguration (17%) • Object

   storage misconfiguration (20%) • Insecure use of data backups (23%) • Insecure API keys (20%) • Lack of monitoring (20%) Cloud Security incidents

7. 07 Cloud Security Statistics organizations have indicated that phishing is

   the most prevalent approach attackers use to obtain legitimate cloud credentials 51%

8. 08 Publicl y accessible Resources • Object storage services, •

   Databases, • Exposable API endpoints, • Backup files, • Code storage environments, • Internal dashboards. ->Always follow at least privilege, for all cloud resources. ->Review & audit regularly.

9. ExamPLE SCENARIO - 1 STEP 1 Investigate DNS records of

   a website. Amazon S3 bucket founded. STEP 2 Check the bucket objects if you can access. STEP 3 Find IAM keys and SSH key.

10. ExamPLE SCENARIO - 1 STEP 4 Check test user access

    and IAM policy. STEP 5 See EC2 access and get EC2 details. STEP 6 List EC2 instances and connect one with SSH key in the S3 bucket.

11. ExamPLE SCENARIO - 1 STEP 4 Check test user access

    and IAM policy. STEP 5 See EC2 access and get EC2 details. STEP 6 List EC2 instances and connect one with SSH key in the S3 bucket.

12. ExamPLE SCENARIO - 1 STEP 7 Check the EC2 IAM

    instance role policy and access list. STEP 8 Try to do privilege escalation. STEP 9 Get administrator access! :)

13. 13 Exploits and vulnerabilities still there • For servers, containers,

    your managed databases, API endpoints, etc.. • Data exposures, data breaches, • Insecure dashboards, panels. • Supply chain attacks. ->Always follow at least privilege, for all cloud resources. ->Scan regularly, find vulnerabilities, and patch them as soon as possible. -> API security is still one of the most important issue.

14. ExamPLE SCENARIO - 2 STEP 1 Do port scan to

    server public IP. See there is a web server & Jira hosted on EC2 server. STEP 2 Check the Jira version and research CVEs and scenarios. STEP 3 Find SSRF for AWS credentials! :)

15. ExamPLE SCENARIO - 2 STEP 1 Do port scan to

    server public IP. See there is a web server & Jira hosted on EC2 server. STEP 2 Check the Jira version and research CVEs and scenarios. STEP 3 Find SSRF for AWS credentials! :)

16. ExamPLE SCENARIO - 2 STEP 4 Check the SSRF details.

    STEP 5 Test SSRF with the AWS specific parameters. STEP 6 Get AWS credentials and use them :)

17. ExamPLE SCENARIO - 2 STEP 4 Check the SSRF details.

    STEP 5 Test SSRF with the AWS specific parameters. STEP 6 Get AWS credentials and use them :) For EC2: 169.254.169.254 is important.

18. 18 IAM is the key for all cloud providers •

    Identity access management, • Users, policies, roles, • Cross-account accesses, • Hardcoded and long-lived IAM credentials in your code, ->Use SSO. ->Enable MFA & password policy. ->Review & audit regularly. ->Scan your code regularly to detect secrets. ->Do not hardcode any credentials.

19. ExamPLE SCENARIO - 3 STEP 1 OSINT publicly accessible resources.

    STEP 2 Find publicly accessible docker images in Docker Hub. STEP 3 Extract image layers and files. Find AWS credentials. Dockerfile that illustrates what not to do Don’t let this fool you—the sensitive data is still included in the image Different layers, so you can check credentials for every layer

20. ExamPLE SCENARIO - 3 STEP 1 OSINT publicly accessible resources.

    STEP 2 Find publicly accessible docker images in Docker Hub. STEP 3 Extract image layers and files. Find AWS credentials.

21. Questions? Sena Yakut, 2023 21