Security Engineer in Japan
• GMO Cybersecurity by Ierae, Inc.
• AWS title: AWS Community Builder (Security & Identity Builder since 2024)
• My favorite AWS Services: Amazon S3, AWS Lambda
https://scgajge12.github.io/
Identity Management
• Vulnerable Applications and APIs
Major Threats
• Leakage of Customer or Internal Information
• Tampering with Programs, Data or AWS Resources
(IaaS)
• A Framework for Understanding and Addressing Security Incidents in Cloud Environments
• A framework that categorizes the tactics, techniques, and procedures (TTPs) used in targeted attacks
• Targeted Attacks: attacks against specific organizations or individuals
• Divides the Attack Lifecycle into 11 Tactics
• Obtain Credentials (IAM) to break into the AWS Environment
Points
• The attacker's style is "anything goes".
• Wide variety of attack methods and perspectives
Attacks
• For Web Applications and APIs, Mobile, ...
• Obtaining IAM credentials from the EC2 Metadata Server
• Obtaining credential information from Lambda environment variables
• Obtaining hard-coded credentials for the app
→ Credential Acquisition
Generation Functions
• Terms
  • Web App running on EC2 that lets a user enter any string and embeds it in a PDF
• Vulnerability Attacks
  • HTML Injection: any HTML tag (e.g. iframe) can be embedded
  • SSRF (Server Side Request Forgery): the server can be made to send a request to an internal server (the metadata service)
Generation Functions
• SSRF via HTML Injection inside a PDF file on EC2
https://blog.appsecco.com/finding-ssrf-via-html-injection-inside-a-pdf-file-on-aws-ec2-214cc5ec5d90
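As an added example (not code from the talk or from the linked blog post), the two layers that close this case in Python: escaping the untrusted string before it reaches the HTML-to-PDF engine, and a fetch guard for the renderer's resource loader that refuses link-local and private addresses so a request to the metadata service never leaves the box. Function names are hypothetical and the sample input is constructed.

```python
import html
import ipaddress
import socket
from urllib.parse import urlparse

# Constructed user input: a name field that carries an HTML tag, the
# situation the "HTML Injection" bullet above describes.
SAMPLE_INPUT = 'Alice <iframe src="http://example.invalid/"></iframe>'

# Address ranges a PDF renderer's resource loader must never follow:
# link-local (where the EC2 metadata service lives), loopback, RFC 1918
# and IPv6 unique-local (which covers the IMDS IPv6 endpoint).
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16", "127.0.0.0/8", "10.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7",
)]


def render_vulnerable(user_text: str) -> str:
    """Weak pattern: raw string concatenated into the HTML the PDF engine
    renders, so any tag in it becomes live markup."""
    return f"<html><body><p>Name: {user_text}</p></body></html>"


def render_hardened(user_text: str) -> str:
    """Escape the untrusted string so it renders as text, not markup."""
    safe = html.escape(user_text, quote=True)
    return f"<html><body><p>Name: {safe}</p></body></html>"


def is_allowed_fetch(url: str, resolve=socket.gethostbyname) -> bool:
    """Guard for the renderer's URL fetch hook (hypothetical helper).
    Only http(s) is allowed, hostnames are resolved with `resolve` and the
    resulting address is checked against BLOCKED_NETWORKS; unresolvable
    names fail closed."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    try:
        addr = ipaddress.ip_address(parsed.hostname)   # literal IP
    except ValueError:
        try:
            addr = ipaddress.ip_address(resolve(parsed.hostname))
        except (OSError, ValueError):
            return False
    return not any(addr in net for net in BLOCKED_NETWORKS)


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_INPUT))
    print(render_hardened(SAMPLE_INPUT))
```

Escaping handles the injection and the fetch guard limits what an injected resource reference can reach; requiring IMDSv2 (session-token requests) on the instance is the independent third layer that removes the plain GET path even if both are bypassed.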
and Malware Infections
• Sending malicious attachments via email to infect victims with malware
• Sending malicious URLs via email to lure victims to fake web sites
→ Obtaining Confidential Information
Actions of the Attacker
• Vulnerability Attacks
• Leakage from Misconfiguration
• Phishing and Malware Infections
• Others
  • Obtaining any information available on the Internet (GitHub, Internet Archive, Dark Web, ...)
  • Physical office intrusion into the company network
  • Gathering information through an inside job
• Investigation of the IAM permissions obtained (Tools: Pace, ...)
• IAM Privilege Escalation
• Tampering with AWS Resources
• Misuse
  • Extraction of Confidential Information
  • Misuse of AWS Services and Resources
Perspective
1. Understand "Sensitive Information" in the Cloud Environment
2. Assume a variety of External and Internal threats
3. Implement Security Measures for each target
4. Implement Defense in Depth to minimize damage in the event of an initial intrusion
Points
of Lambda - Dangers and Security Measures due to Vulnerable Libraries
• Serverless Security Risks - Vulnerability Attacks and Countermeasures in AWS Lambda
• Security risks and countermeasures due to vulnerable use of Amazon S3
• CTF Cloud Issue Attack Methodology Summary (2021, 2022, 2023 Edition)
• HTB Cloud Issue Attack Methodology Summary
• Amazon EC2 Security (Vulnerability) Case Study
• MFA Authentication Evasion and Examples of AWS Login by Phishing
• Introduction to Cloud Security from an Offensive Perspective ~AWS Edition~
• ⭐ Introduction to Cloud Security - Threats and Countermeasures when Focusing on the AWS Environment from an Offensive Perspective
https://scgajge12.github.io/tags/cloud/