Teri Radichel

Real World Cloud Compromise

Sample Findings from 2nd Sight Lab Penetration Tests


The AWS India User Group recently invited me to speak at AWS Women in Tech Day 2020. What an honor to participate with other women in tech who are sharing their technical knowledge with those in the community! Women from around the world participated, such as the AWS Girls Peru and Marcia Villalba, someone I met in person at an AWS influencer conference in Seattle back when we could do that sort of thing. She runs a YouTube channel called Foobar. The presentations were available only to women in real-time, but now anyone can watch them here.

I spoke at this conference about Real World Cloud Compromise and some of the things 2nd Sight Lab finds on penetration tests. As I explain at the end of the talk, this isn’t a complete list. I chose most of the findings in this presentation because they are common in cloud data breaches, bug bounty findings, and pentests of AWS and other cloud environments.

Besides basic misconfigurations and OWASP top 10 application security flaws, I will spend time trying to reverse-engineer an application if time allows. My background as a programmer for too many years (makes me feel old) reverse-engineering systems to upgrade and improve them helps — that and certifications in malware reverse-engineering and advanced penetration testing.

Reverse-engineering may or may not be possible within the test time frame, especially if many other vulnerabilities exist to report. Also, attackers have years to find flaws in your systems. I have a few weeks, so besides the things I can exploit, I give customers an assessment of vulnerabilities that have high potential to lead to an exploit, given more time. They have the option to hire me for additional time or just fix the problem. I hope they fix it!

For the basic penetration testing steps, I have a few people who help me, and we are always working on automation to improve that process. I’m currently writing some blog posts about using Golang because I intend to use it for some new penetration testing tools. Follow along if you’d like to learn more about that language and why I chose it.

Automation is one of the strategies in our arsenal for pentests. The less time we spend finding basic vulnerabilities, the more we can spend on finding the more complex issues that require manual review. If you are an IANS customer, I wrote a paper on how you can create an API fuzzer. I also talked about that at RSA earlier this year — the last conference I was able to speak at in person.

I also recommend security best practices in our penetration test findings, something I didn’t mention in my talk. You’ll want to monitor for security problems, as well as prevent them. I provide some places you can find security best practices at the end of the talk, such as all the OWASP resources (more than just the top 10!) and the CIS Benchmarks. Of course, you should read and follow all the cloud provider security guidance provided in the documentation for each service and other resources such as the AWS Security Blog. I also provide my own lists of best practices for each section we cover in my cloud security class.

If you want to see the findings, please check out the video. Please bear in mind this was my first ever video, and I had about 48 hours to figure out how to do it! I got help from some folks on Twitter and plan to fix up the background in future videos. Always more to learn!


Teri Radichel | © 2nd Sight Lab 2020

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab