Cloud Security 101: Ultimate weapon against cyber threats

Sena Yakut

December 24, 2023

Transcript

  1. About me
     Senior Cloud Security Engineer @Lyrebird Studio
     DevSecOps Team Lead & Senior CloudSec Engineer @PurpleBox
     Cyber Security & CloudSec Engineer @Vestel
     Master @EgeUniversity
     Security & Identity
     senayakut.com | /sena-yakut | @sena_yakutt
  2. Cloud Security Statistics
     83% of companies said that they experienced a cloud security breach within the last 18 months.
  3. Cloud Security Statistics
     82% of organizations report that human error is the cause behind most cloud security breaches.
  4. Cloud Security Statistics: cloud security incidents
     • IAM misconfiguration (17%)
     • Object storage misconfiguration (20%)
     • Insecure use of data backups (23%)
     • Insecure API keys (20%)
     • Lack of monitoring (20%)
  5. Cloud Security Statistics
     51% of organizations have indicated that phishing is the most prevalent approach attackers use to obtain legitimate cloud credentials.
  6. Publicly accessible resources
     • Object storage services
     • Databases
     • Exposed API endpoints
     • Backup files
     • Code storage environments
     • Internal dashboards
     -> Always follow least privilege for all cloud resources.
     -> Review & audit regularly.
  7. Example Scenario 1
     STEP 1: Investigate the DNS records of a website. An Amazon S3 bucket is found.
     STEP 2: Check whether the bucket objects are accessible.
     STEP 3: Find IAM keys and an SSH key.
  8. Example Scenario 1
     STEP 4: Check the test user's access and IAM policy.
     STEP 5: See EC2 access and get EC2 details.
     STEP 6: List EC2 instances and connect to one with the SSH key from the S3 bucket.
  10. Example Scenario 1
     STEP 7: Check the EC2 instance's IAM role policy and access list.
     STEP 8: Try privilege escalation.
     STEP 9: Get administrator access! :)
  11. Exploits and vulnerabilities are still there
     • For servers, containers, your managed databases, API endpoints, etc.
     • Data exposures, data breaches
     • Insecure dashboards, panels
     • Supply chain attacks
     -> Always follow least privilege for all cloud resources.
     -> Scan regularly, find vulnerabilities, and patch them as soon as possible.
     -> API security is still one of the most important issues.
  12. Example Scenario 2
     STEP 1: Port-scan the server's public IP. A web server and Jira are hosted on the EC2 server.
     STEP 2: Check the Jira version and research CVEs and scenarios.
     STEP 3: Find an SSRF for AWS credentials! :)
  15. Example Scenario 2
     STEP 4: Check the SSRF details.
     STEP 5: Test the SSRF with AWS-specific parameters.
     STEP 6: Get AWS credentials and use them :)
     For EC2: 169.254.169.254 (the instance metadata service address) is important.
  16. IAM is the key for all cloud providers
     • Identity and access management
     • Users, policies, roles
     • Cross-account access
     • Hardcoded and long-lived IAM credentials in your code
     -> Use SSO.
     -> Enable MFA & a password policy.
     -> Review & audit regularly.
     -> Scan your code regularly to detect secrets.
     -> Do not hardcode any credentials.
  17. Example Scenario 3
     STEP 1: OSINT publicly accessible resources.
     STEP 2: Find publicly accessible Docker images on Docker Hub.
     STEP 3: Extract the image layers and files. Find AWS credentials.
     (Slide figure) A Dockerfile that illustrates what not to do. Don't let this fool you: the sensitive data is still included in the image. It sits in different layers, so you can check for credentials in every layer.
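An added example (not from the deck) that ties slides 16 and 17 together: a small Python secret scanner that flags AWS access key IDs and secret keys in source text and, for Dockerfiles, the ENV/ARG instructions that bake credentials into an image layer. The pattern names, the Finding type and the sample Dockerfile are constructed for this example; the key values are AWS's documentation placeholders.

```python
import re
from dataclasses import dataclass
from typing import List

# Hypothetical scanner patterns (added example). The AKIA/ASIA prefixes, the
# 20-character key ID and the 40-character secret follow AWS's documented formats.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
SECRET_KEY = re.compile(
    r"(?i)aws[_-]?secret[_-]?access[_-]?key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)
# ENV/ARG write the value into an image layer; a later instruction cannot scrub it.
DOCKER_ENV = re.compile(
    r"^\s*(?:ENV|ARG)\s+(AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|AWS_SESSION_TOKEN)\b"
)


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line number in the scanned text
    kind: str      # which pattern matched
    evidence: str  # redacted hint only, never the full secret


def scan_text(text: str) -> List[Finding]:
    """Scan code, config or a Dockerfile line by line for AWS credentials."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_ID.finditer(line):
            key = m.group(0)
            findings.append(Finding(no, "aws_access_key_id", key[:4] + "..." + key[-4:]))
        if SECRET_KEY.search(line):
            findings.append(Finding(no, "aws_secret_access_key", "<40-char secret redacted>"))
        m = DOCKER_ENV.match(line)
        if m:
            findings.append(Finding(no, "dockerfile_baked_credential", m.group(1)))
    return findings


# Constructed sample Dockerfile; the key values are AWS's documentation placeholders.
SAMPLE_DOCKERFILE = """\
FROM python:3.12-slim
ENV AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
ENV AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
COPY app/ /app
# clearing the variables later changes nothing: the two ENV layers above keep the values
ENV AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY=
CMD ["python", "/app/main.py"]
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_DOCKERFILE):
        print(f"line {f.line}: {f.kind} ({f.evidence})")
```

Run it in CI over repositories and Dockerfiles before an image is pushed; for an image that already exists, run it over each extracted layer, because a value cleared in a later layer is still present in the earlier one.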