Attacking Storage Services - The Lynchpin of Cloud Services
Hack In The Box Security Conference via YouTube
Overview
Syllabus
Intro
Attacking Storage Services: Lynchpin of Cloud Services
Agenda: How I am going to bore you for next 30 minutes
Cloud Storage: Why Attack
Writable Public Storages
Authenticated User Access
Rocket.chat Installer
Fwupd CVE-2020-10759
Attack: Enumeration
AWS S3 Buckets Enumeration
Cloud Bucket URL Scraper
AWS Cloud Bucket Search Engine
Google Dork in Action
Attack: Identification and Exploitation
Azure SAS URLs
Storage Attacks: Azure
Connecting to Azure Storage
Attack: Post Exploitation
Credential Harvesting: Hunting for the username
Case Study: SSRF to EC2 takeover
Case Study: PaaS: Elastic Beanstalk
Case Study: AWS Cognito Analysis
Vendor Warnings
Tenant: Periodic Scan: Scout Suite
Tenant: Prepare for Disaster
Additional Reference Material
Taught by
Hack In The Box Security Conference