Explore a comprehensive conference talk that updates attack and defense playbooks for the cloud era. Delve into the interdependence of cloud systems and learn about pivoting through and defending these setups. Examine topics such as DDoS, footprinting, exploitation, persistence, and lateral movement in AWS environments. Discover techniques for searching S3 buckets, utilizing API keys, and manipulating Cloud Formation templates. Investigate privilege escalation methods, Lambda persistence, and federation in cloud setups. Gain insights on both offensive and defensive strategies for modern cloud-based infrastructures, equipping red and blue teamers with updated knowledge for the current threat landscape.
Fighting the Previous War - Attacking and Defending in the Era of the Cloud
Overview
Syllabus
Intro
Why we are here
DDoS
Footprinting
Uber SendGrid
Canary Tokens
Would you know
Exploitation
Compromise
Persistence
AWS
Functions in AWS
AWS Permissions
Search Space
Search the Internet
S3 buckets
Open S3 buckets
SQS
Queue URLs
AWS Forums
API Keys
Identity Documents
AMIs
AMIs in private lists
Side effects of API calls
We call 888
Lateral Movement
Cloud Formation
Modifying Cloud Formation Templates
Cloud Formation Templates in Language
Simple System Management
Privilege Escalation
Lambda Persistence
Lambda Persistence Example
Subverting Lambdas
Credentials
Lockout
Federation
Reusing Roles
Organizations
Login Disruption
Taught by
Black Hat
