SlideShare a Scribd company logo

Battle in the Clouds - Attacker vs Defender on AWS

C
CloudVillage

The document discusses various strategies and tools for enhancing security in AWS environments, including the shared responsibility model and infrastructure as code practices with HashiCorp Terraform and Packer. It highlights the importance of secret management with HashiCorp Vault, interservice communication security using TLS, and the use of Web Application Firewalls (WAF) like AWS WAF and NAXSI. Additionally, it mentions AWS services like GuardDuty and Inspector to detect threats and assess security compliance.

Technology
Related topics:
Cloud Security Insights
1 of 28
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Battle in the Clouds: Attacker vs Defender on AWS Dani Goland Mohsan Farid
Shared Responsibility Model
Hummus Bombing Celery Workers
Relay 101
Exchange Abuse
Exchange Abuse
Exchange Abuse
Exchange Abuse
Pivoting isn’t always easy but it sho is fun!
Everybody Wants To Rule The World
Shell Yeah!
Lateral-aly
Post Exploitation
Post Exploitation
Post Exploitation
Post Exploitation
Post Exploitation
Post Exploitation
Post Exploitation
Battle in the Clouds - Attacker vs Defender on AWS
Infrastructure As Code (Hashicorp Terraform / AWS Cloudformation)
Immutable Infrastructure(Hashicorp Packer) • Bake AMIs with Packer • Use Ansible to harden the OS • https://github.com/openstack/ansi ble-hardening
Secret Management • Hashicorp Vault/AWS SSM Parameter Store • Granular control over access to secrets • Automatic generation of short-lived DB credentials(Vault)
Interservice Communication • Use TLS • Manage your own keys via Vault • Use Consul Connect sidecar to automatically proxy your traffic encrypted.
WAF • AWS WAF Custom Rules or Managed Rules • Open Source Solutions Like NAXSI(with NGINX) https://github.com/nbs-system/naxsi
Example Architecture • ALB à NGINX(w/ NAXSI) à ECS with Consul Connect Sidecar à Vault
AWS Services Guard Duty – A threat detection service that continuously monitors for malicious activity and unauthorized behavior. Inspector - An automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
VirusBay Registration Code: “DEFCON27”

More Related Content

PDF
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Jose Hernandez
 
PDF
Pragmatic Cloud Security Automation
CloudVillage
 
PPTX
Scaling Security in the Cloud With Open Source
CloudVillage
 
PDF
Serverless security - how to protect what you don't see?
Sqreen
 
PPTX
Of CORS thats a thing how CORS in the cloud still kills security
John Varghese
 
PPTX
Automated Intrusion Detection and Response on AWS
2nd Sight Lab
 
PDF
Securing your AWS Deployments with Spinnaker and Armory Enterprise
DevOps.com
 
PPTX
EKS security best practices
John Varghese
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Jose Hernandez
 
Pragmatic Cloud Security Automation
CloudVillage
 
Scaling Security in the Cloud With Open Source
CloudVillage
 
Serverless security - how to protect what you don't see?
Sqreen
 
Of CORS thats a thing how CORS in the cloud still kills security
John Varghese
 
Automated Intrusion Detection and Response on AWS
2nd Sight Lab
 
Securing your AWS Deployments with Spinnaker and Armory Enterprise
DevOps.com
 
EKS security best practices
John Varghese
 

What's hot (15)

PPTX
Native cloud security monitoring
John Varghese
 
PPTX
Crypto Miners in the Cloud
2nd Sight Lab
 
PDF
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
CloudVillage
 
PPTX
Shift Left - How to improve your security with checkov before it’s going to p...
Anton Grübel
 
PDF
Netflix Open Source Meetup Season 4 Episode 3
aspyker
 
PPTX
Security for Complex Networks on AWS
2nd Sight Lab
 
PDF
Mini-Training: Netflix Simian Army
Betclic Everest Group Tech Team
 
PDF
Defending your workloads with aws waf and deep security
Mark Nunnikhoven
 
PDF
Brian Ketelsen - Microservices in Go using Micro - Codemotion Milan 2017
Codemotion
 
PPTX
Los Angeles AWS Users Group - Athena Deep Dive
Kevin Epstein
 
PPTX
Securing AWS Accounts with Hashi Vault
Shrivatsa Upadhye
 
PPTX
Packet Capture on AWS
2nd Sight Lab
 
PPTX
Shared Security Responsibility Model of AWS
Akshay Mathur
 
PPTX
Cloud native policy enforcement with Open Policy Agent
LibbySchulze
 
PDF
AWS temporary credentials challenges in prevention detection mitigation
John Varghese
 
Native cloud security monitoring
John Varghese
 
Crypto Miners in the Cloud
2nd Sight Lab
 
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
CloudVillage
 
Shift Left - How to improve your security with checkov before it’s going to p...
Anton Grübel
 
Netflix Open Source Meetup Season 4 Episode 3
aspyker
 
Security for Complex Networks on AWS
2nd Sight Lab
 
Mini-Training: Netflix Simian Army
Betclic Everest Group Tech Team
 
Defending your workloads with aws waf and deep security
Mark Nunnikhoven
 
Brian Ketelsen - Microservices in Go using Micro - Codemotion Milan 2017
Codemotion
 
Los Angeles AWS Users Group - Athena Deep Dive
Kevin Epstein
 
Securing AWS Accounts with Hashi Vault
Shrivatsa Upadhye
 
Packet Capture on AWS
2nd Sight Lab
 
Shared Security Responsibility Model of AWS
Akshay Mathur
 
Cloud native policy enforcement with Open Policy Agent
LibbySchulze
 
AWS temporary credentials challenges in prevention detection mitigation
John Varghese
 
Ad

Similar to Battle in the Clouds - Attacker vs Defender on AWS (20)

PDF
The AWS Shared Responsibility Model in Practice
Alert Logic
 
PPTX
AWS Security and Compliance Presentation
goutamnita
 
PPT
Aws training in bangalore
apponix123
 
PDF
The AWS Shared Responsibility Model in Practice
Alert Logic
 
PDF
Intro to threat_detection_and_remediation on aws
Bela Sojina MBA, PMP
 
PDF
Datensicherheit mit AWS - AWS Security Web Day
AWS Germany
 
PDF
Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...
Marcela Cárdenas Hidalgo
 
PDF
Oas un llamado a la accion
Marcela Cárdenas Hidalgo
 
PPTX
Pitt Immersion Day Module 5 - security overview
EagleDream Technologies
 
PPTX
Hackproof Your Cloud: Responding to 2016 Threats
CloudCheckr
 
PDF
Amazon Web Services: Overview of Security Processes
white paper
 
PPTX
Hack proof your aws cloud cloudcheckr_040416
Jarrett Plante
 
PPTX
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
Garth Boyd
 
PPTX
Building A Cloud Security Strategy for Scale
Chris Farris
 
PPTX
Cloud Security.pptx
Reena Harnal
 
PDF
Security compute services_whitepaper
saifam
 
PPTX
Alert Logic: Realities of Security in the Cloud
Alert Logic
 
PDF
Kernel Con 2022: Securing Cloud Native Workloads
Gabriel Schuyler
 
PPTX
Security
Parag Patil
 
PDF
Mitigating techniques
Richard Harvey
 
The AWS Shared Responsibility Model in Practice
Alert Logic
 
AWS Security and Compliance Presentation
goutamnita
 
Aws training in bangalore
apponix123
 
The AWS Shared Responsibility Model in Practice
Alert Logic
 
Intro to threat_detection_and_remediation on aws
Bela Sojina MBA, PMP
 
Datensicherheit mit AWS - AWS Security Web Day
AWS Germany
 
Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...
Marcela Cárdenas Hidalgo
 
Oas un llamado a la accion
Marcela Cárdenas Hidalgo
 
Pitt Immersion Day Module 5 - security overview
EagleDream Technologies
 
Hackproof Your Cloud: Responding to 2016 Threats
CloudCheckr
 
Amazon Web Services: Overview of Security Processes
white paper
 
Hack proof your aws cloud cloudcheckr_040416
Jarrett Plante
 
In the Cloud, nobody can hear you scream: AWS Cloud Security for DevOps
Garth Boyd
 
Building A Cloud Security Strategy for Scale
Chris Farris
 
Cloud Security.pptx
Reena Harnal
 
Security compute services_whitepaper
saifam
 
Alert Logic: Realities of Security in the Cloud
Alert Logic
 
Kernel Con 2022: Securing Cloud Native Workloads
Gabriel Schuyler
 
Security
Parag Patil
 
Mitigating techniques
Richard Harvey
 
Ad

More from CloudVillage (8)

PDF
Build to Hack, Hack to Build
CloudVillage
 
PDF
Phishing in the cloud era
CloudVillage
 
PDF
Mining Malevolence: Cryptominers in the Cloud
CloudVillage
 
PDF
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
CloudVillage
 
PDF
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...
CloudVillage
 
PPTX
Your Blacklist is Dead: Why the Future of Command and Control is the Cloud
CloudVillage
 
PDF
MozDef Workshop slide
CloudVillage
 
PDF
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
CloudVillage
 
Build to Hack, Hack to Build
CloudVillage
 
Phishing in the cloud era
CloudVillage
 
Mining Malevolence: Cryptominers in the Cloud
CloudVillage
 
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
CloudVillage
 
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...
CloudVillage
 
Your Blacklist is Dead: Why the Future of Command and Control is the Cloud
CloudVillage
 
MozDef Workshop slide
CloudVillage
 
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
CloudVillage
 

Recently uploaded (20)

PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Encapsulation theory and applications.pdf
gurumoop
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 

Battle in the Clouds - Attacker vs Defender on AWS