Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cloud Security 101: Ultimate weapon against cyber threats

Sena Yakut
December 24, 2023
0
92

Cloud Security 101: Ultimate weapon against cyber threats

Sena Yakut

December 24, 2023
Tweet

More Decks by Sena Yakut

See All by Sena Yakut
DevSecOps Best Practices- Secure Everything You Have
senayakut
0
93
Securing The Sky Strategies For Protecting Against Cloud Hacking
senayakut
0
67
Cloud Security From Scratch
senayakut
0
66
Journey to the Cloud: An Introduction and Security Overview
senayakut
0
20
Explore Ten Ways to Secure The Cloud
senayakut
0
38
PartyRock-Your Security Supporters
senayakut
0
32
AWS_Security_Best_Practices.pdf
senayakut
0
570
Exploring Cloud Security in the Landscape of Future Technologies
senayakut
0
30
Are Your APIs Really Secure? Are You Sure?
senayakut
0
23

Featured

See All Featured
Imperfection Machines: The Place of Print at Facebook
scottboms
261
12k
VelocityConf: Rendering Performance Case Studies
addyosmani
321
23k
Why Our Code Smells
bkeepers
PRO
331
56k
What the flash - Photography Introduction
edds
64
11k
Statistics for Hackers
jakevdp
790
220k
Code Review Best Practice
trishagee
56
15k
What's new in Ruby 2.0
geeforr
338
31k
WebSockets: Embracing the real-time Web
robhawkes
59
7k
Git: the NoSQL Database
bkeepers
PRO
423
63k
The World Runs on Bad Software
bkeepers
PRO
61
6.7k
The Invisible Side of Design
smashingmag
294
49k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
12
1.1k

Transcript

  1. Cloud Security 101: Ultimate weapon against cyber threats Sena Yakut,

    2023 01

  2. 02 About me Senior Cloud Security Engineer @Lyrebird Studio DevSecOps

    Team Lead & Senior CloudSec Engineer @PurpleBox Cyber Security & CloudSec Engineer @Vestel Master @EgeUniversity senayakut.com /sena-yakut Security & Identity @sena_yakutt

  3. 03 Cloud Security Statistics organizations stored sensitive data in the

    cloud in 2023, up from 49% in 2021. 75%

  4. 04 Cloud Security Statistics of companies said that they experienced

    a cloud security breach within the last 18 months 83%

  5. 05 Cloud Security Statistics organizations report that human error is

    the cause behind most cloud security breaches 82%

  6. 06 Cloud Security Statistics • IAM misconfiguration (17%) • Object

    storage misconfiguration (20%) • Insecure use of data backups (23%) • Insecure API keys (20%) • Lack of monitoring (20%) Cloud Security incidents

  7. 07 Cloud Security Statistics organizations have indicated that phishing is

    the most prevalent approach attackers use to obtain legitimate cloud credentials 51%

  8. 08 Publicl y accessible Resources • Object storage services, •

    Databases, • Exposable API endpoints, • Backup files, • Code storage environments, • Internal dashboards. ->Always follow at least privilege, for all cloud resources. ->Review & audit regularly.

  9. ExamPLE SCENARIO - 1 STEP 1 Investigate DNS records of

    a website. Amazon S3 bucket founded. STEP 2 Check the bucket objects if you can access. STEP 3 Find IAM keys and SSH key.

  10. ExamPLE SCENARIO - 1 STEP 4 Check test user access

    and IAM policy. STEP 5 See EC2 access and get EC2 details. STEP 6 List EC2 instances and connect one with SSH key in the S3 bucket.

  11. ExamPLE SCENARIO - 1 STEP 4 Check test user access

    and IAM policy. STEP 5 See EC2 access and get EC2 details. STEP 6 List EC2 instances and connect one with SSH key in the S3 bucket.

  12. ExamPLE SCENARIO - 1 STEP 7 Check the EC2 IAM

    instance role policy and access list. STEP 8 Try to do privilege escalation. STEP 9 Get administrator access! :)

  13. 13 Exploits and vulnerabilities still there • For servers, containers,

    your managed databases, API endpoints, etc.. • Data exposures, data breaches, • Insecure dashboards, panels. • Supply chain attacks. ->Always follow at least privilege, for all cloud resources. ->Scan regularly, find vulnerabilities, and patch them as soon as possible. -> API security is still one of the most important issue.

  14. ExamPLE SCENARIO - 2 STEP 1 Do port scan to

    server public IP. See there is a web server & Jira hosted on EC2 server. STEP 2 Check the Jira version and research CVEs and scenarios. STEP 3 Find SSRF for AWS credentials! :)

  15. ExamPLE SCENARIO - 2 STEP 1 Do port scan to

    server public IP. See there is a web server & Jira hosted on EC2 server. STEP 2 Check the Jira version and research CVEs and scenarios. STEP 3 Find SSRF for AWS credentials! :)

  16. ExamPLE SCENARIO - 2 STEP 4 Check the SSRF details.

    STEP 5 Test SSRF with the AWS specific parameters. STEP 6 Get AWS credentials and use them :)

  17. ExamPLE SCENARIO - 2 STEP 4 Check the SSRF details.

    STEP 5 Test SSRF with the AWS specific parameters. STEP 6 Get AWS credentials and use them :) For EC2: 169.254.169.254 is important.

  18. 18 IAM is the key for all cloud providers •

    Identity access management, • Users, policies, roles, • Cross-account accesses, • Hardcoded and long-lived IAM credentials in your code, ->Use SSO. ->Enable MFA & password policy. ->Review & audit regularly. ->Scan your code regularly to detect secrets. ->Do not hardcode any credentials.

  19. ExamPLE SCENARIO - 3 STEP 1 OSINT publicly accessible resources.

    STEP 2 Find publicly accessible docker images in Docker Hub. STEP 3 Extract image layers and files. Find AWS credentials. Dockerfile that illustrates what not to do Don’t let this fool you—the sensitive data is still included in the image Different layers, so you can check credentials for every layer

  20. ExamPLE SCENARIO - 3 STEP 1 OSINT publicly accessible resources.

    STEP 2 Find publicly accessible docker images in Docker Hub. STEP 3 Extract image layers and files. Find AWS credentials.

  21. Questions? Sena Yakut, 2023 21