Making Mistakes Publicly: Cloud Edition – Aviata Solo Flight Challenge Chapter 1



Public cloud environments can make things, well, rather public. While there are ways to prevent this, and the cloud providers have made strides, their changes are not applied retroactively. As such, we still find very poorly configured environments today.

 

Join us for the first of eight workshops in the Aviata Solo Flight Challenge Workshop series. We will show you how to look at a target organization's misconfigured public items. This lab will begin by showing you how to obtain a user's account number; from there, you can look further for public items in different storage environments. Finally, you can take advantage of these and find additional things within the environment.

 

Requirements to complete this lab:

  1. Amazon AWS Range
  • You must bring an AWS account to launch a system and connect remotely. If you need an AWS account, you can create a free tier account with root access at https://aws.amazon.com/free/
  • You will need to be able to run Terraform locally and create objects within this account.
  • You will need a set of access keys for your account to move into the Docker container.

  2. Local device
  • You must run a local version of Docker with x86 support. ARM processors such as the Mac M1 will not be supported.

Learning Objectives:

  • Modeling attack groups that are currently untracked but are compromising cloud assets
  • Look at the attack surfaces and how to discover open buckets, open images, open snapshots which could lead to sensitive information leakage
  • Learn how to detect and harden these environments

Prerequisite Knowledge

  • Comfort with the Linux command line
  • Basic Knowledge of AWS Administration
  • Basic Usage of running Terraform (build, apply, destroy)
  • System administration usage of SSH

This workshop supports content and knowledge from SEC588: Cloud Penetration Testing.

 

Follow the Aviata Solo Flight Challenge story through the rest of 2024 with free monthly cloud security workshops that will walk you through how various knowledge and hands-on skills work together to create a secure cloud environment for your organization. Read the associated blog post here.

Speaker and Presenter Information

Moses Frost

Relevant Government Agencies

Other Federal Agencies, Federal Government, State & Local Government


Event Type
Webcast


When
Tue, Apr 16, 2024, 10:00am ET


Cost
Complimentary: $0.00



Organizer
SANS Institute

