Presentation Material
Abstract
Exploration of insecure S3 buckets, misconfigurations and compromised credentials in AWS environments has revealed recurring patterns. These flaws are an outcome of the way the particular environment was configured and are not flaws in the AWS services themselves, and are therefore inevitable. Finding them relies on specific knowledge and approach, as these attacks are specific. Use of AWS services has been increasing, and migration has increased multifold as well. As a result, it is important to challenge existing AWS security measures to be able to detect potential issues.
Description of Research Topic
The intent here is to highlight the fact that pentesting a cloud environment comes with legal considerations. AWS has established a policy that requires a customer to raise a permission request to be able to conduct penetration tests and vulnerability scans to or originating from the AWS environment. We can focus on user-owned entities, identity and access management, user permissions configuration and use of the AWS API integrated into the AWS ecosystem. Some of the examples would be targeting and compromising AWS IAM keys, establishing access through backdoor functions provisioned through different services, testing S3 bucket configuration and permission flaws and covering tracks by obfuscating CloudTrail logs.
Takeaway for the Audience from the Talk: There is no standard methodology to pentest AWS environments, as it is dependent on the type and size of infrastructure being tested and the varied AWS services. A configuration or feature can be used to perform an action which is not expected. A security audit or assessment that includes these flaws discovered in the AWS environment is a value add for the application owner’s organization, as these vulnerabilities would not have been detected by any tool, basic pentesting (based only on OWASP Top 10 or WASC Classification), and/or scanner. The attendees will get an overview of different tools available to aid in pentesting cloud-specific environments, a short demo of a couple of tools, what different aspects are covered by different sets of tools, and how to use all of this as an exhaustive toolset for a comprehensive pentest.
- Developing an approach toward pentesting a specific cloud environment
- Different tools available for pentesting cloud-specific environments, with a short demo of a couple of tools.
- Areas to look at in an AWS environment for flaws and misconfiguration; understanding the shared responsibility model.
AI Generated Summary (may contain errors)
Tool Overview
The tool being discussed is Prowler, which is used for AWS assessment and security checks. It can be used to identify gaps in security configuration and provide a report that can serve as a starting point for penetration testing.
Features
- Checks security groups, logging, monitoring, and networking connections
- Generates reports in PDF or CSV format
- Can run specific checks or multiple instances on different accounts simultaneously
- Based on the CIS Amazon Web Services Benchmark 1.1 and updated regularly
Best Practices
- Disable root access key and use IAM users instead
- Use MFA for each user
- Rotate keys regularly
- Do not allow public IP addresses to access EC2 instances
- Apply proper S3 bucket policies
- Create all resources within a VPC
- Set up alarms on the AWS account
Using Prowler
- Can be run every morning to filter output and create reports for DevOps teams
- Report format can be set to diff format, highlighting changes from previous reports
- Low false positives due to direct configuration data from the AWS account