SlideShare a Scribd company logo

Revealing Choke Points - Practical Tactics for Boosting Cloud Security

Download as PPTX, PDF
Cloud Village, profile picture
Cloud Village

The document discusses the concepts of threats, high-value targets (HVTs), attack vectors, and choke points in the context of cybersecurity, specifically in cloud environments. It defines threats as potential causes of incidents that can harm systems and organizations, while HVTs are critical personnel or resources that, if compromised, can lead to significant risks. Furthermore, it explores attack vectors as methods used by cyber attackers to compromise systems and emphasizes the importance of managing permissions through AWS Identity and Access Management (IAM).

Technology
1 of 31
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Filipi Pires Director of Threat Researcher and Cybersecurity Advocate 1 Choke Points: Practical Tactics for Boosting Cloud Security
Director of Threat Researcher and Security Advocate Advocate Opensource/Community Instructor, Writer and Reviewer #WHOAMI
What is Threat? 3
# What is a Threat??? According to ISO 27005, a threat is defined as a potential cause of an incident that may cause harm to systems and organization. • Software attacks • Theft of intellectual property • Identity theft • Sabotage • Information extortion are examples of information security threats.
HVT- High-Value Target
# HTV – High-Value Target In United States military terminology, a High-Value Target (HVT) is the term given to a person or resource that an enemy commander requires to complete a mission. Which of your organization's staff members can provide access to critically important information/systems and, if compromised, could become a single point of failure? Who are the ones that pose a high-impact risk if an attack against them is successful? Source:https://www.xmcyber.com/blog/attack-path-vs-attack-vector-important-differences-you-need-to-know/
HVTs are usually individuals in the C-Suite, board members, senior executive management personnel, executive assistants, teams, or people with elevated privileges regarding information and organizational assets (including technological assets). Other times, they are teams of people working on sensitive or high-stake projects. Individuals may also turn into an HVT over a relatively short, specific period of time if, during that time, they get to engage in a critical project for the organization Source:https://www.xmcyber.com/blog/attack-path-vs-attack-vector-important-differences-you-need-to-know/ # HTV – High-Value Target
Attack Vector x Attack Path
# Attack Vector An attack vector is a method that cyber-attackers use to compromise a system. Although the terms are sometimes mixed, attack vectors are not to be confused with an attack surface, which is best defined as every possible point where an adversary can attempt to gain entry into your network or system.
Malware, ransomware or phishing are all examples of common attack vectors. Some of the human errors that help create attack vectors include: • Having weak credentials • Using ”poor“ encryption • Misconfigurations • Allowing access to sensitive information via privilege escalation # Attack Vector
# Attack Path An attack path is a visualization of the chain of events that occurs when attack vectors are exploited. In this sense, an attack vector acts as a doorway, while an attack path is a map that shows how an adversary entered the door and where that adversary went. https://owasp.org/www-project-top-ten/2017/Application_Security_Risks
Choke Points
# Choke Points In cloud security, a choke point is a strategic location where multiple attack paths converge before reaching critical assets. These assets could include cloud resources, endpoints, files, or folders that attackers may target to advance toward more valuable objectives.
AWS IAM
# AWS IAM AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources. Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html # AWS IAM
Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html # AWS IAM
Exploitation based on permission...
# AWS Attack
# AWS Attack
# AWS Attack
# AWS Attack
# AWS Attack
# AWS Attack
# AWS Attack
# AWS Attack – Create Policy Version
27 # AWS Attack – AWSPX Source: https://github.com/WithSecureLabs/awspx
How can senhasegura help the community? 28
Filipi Pires Director of Threat Researcher and Cybersecurity Advocate
Demo
Thank you https://filipipires.com https://twitter.com/FilipiPires https://github.com/filipi86 https://www.linkedin.com/in/filipipires/

More Related Content

PDF
The Rising Threat of Fileless Malware
Chelsea Sisson
 
PDF
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
PDF
2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity
Nathan Anderson
 
PPTX
Cybersecurity
A. Shamel
 
PDF
Web app security essentials | 2022
KharimMchatta
 
PPTX
Cyber Security Interview Questions and Answers | Cyber Security Interview Tip...
Simplilearn
 
DOCX
Running head Cryptography1Cryptography16.docx
healdkathaleen
 
PDF
12 Game-Changing Hacking Types in 2024 | CyberPro Magazine
CyberPro Magazine
 
The Rising Threat of Fileless Malware
Chelsea Sisson
 
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity
Nathan Anderson
 
Cybersecurity
A. Shamel
 
Web app security essentials | 2022
KharimMchatta
 
Cyber Security Interview Questions and Answers | Cyber Security Interview Tip...
Simplilearn
 
Running head Cryptography1Cryptography16.docx
healdkathaleen
 
12 Game-Changing Hacking Types in 2024 | CyberPro Magazine
CyberPro Magazine
 

Similar to Revealing Choke Points - Practical Tactics for Boosting Cloud Security (20)

PPTX
Appsec2013 assurance tagging-robert martin
drewz lin
 
PPTX
COMPUTER APPLICATIONS Module 4.pptx
Arti Parab Academics
 
PDF
Anatomy of a cyber attack
Mark Silver
 
PPTX
Continuous security testing - sharing responsibility
VodqaBLR
 
PPTX
Introduction to cyber security
AliyuMuhammadButu
 
PPT
Introduction To Ethical Hacking
chakrekevin
 
PDF
[Bucharest] Attack is easy, let's talk defence
OWASP EEE
 
PPTX
An An Exploration Into the Cyber Security
sivasakthin2022cse
 
PPTX
FCT UNIT 5 Foundation of computing technologies.pptx
nandinikhalane
 
PPTX
Cyber Security Management in a Highly Innovative World
SafeNet
 
PPT
Security issues in the wireless networks.ppt
AvinashAvuthu2
 
PPTX
2023 People Centric pitch01012023-v1.pptx
imanuelantoniussohir
 
PPTX
Cyber security
ankit yadav
 
ODP
Break it while you make it: writing (more) secure software
Leigh Honeywell
 
PPT
Handout infosec defense-mechanism-y3dips
Ammar WK
 
PDF
Threat Intelligence & Threat research Sources
LearningwithRayYT
 
PDF
The Cyber Attack Risk
Skyport Systems
 
PDF
Malware in penetration testing 1
Arbab Usmani
 
PDF
Apt zero day malware
aspiretss
 
PDF
What Is Denial Of Service Attack
Stephanie Williams
 
Appsec2013 assurance tagging-robert martin
drewz lin
 
COMPUTER APPLICATIONS Module 4.pptx
Arti Parab Academics
 
Anatomy of a cyber attack
Mark Silver
 
Continuous security testing - sharing responsibility
VodqaBLR
 
Introduction to cyber security
AliyuMuhammadButu
 
Introduction To Ethical Hacking
chakrekevin
 
[Bucharest] Attack is easy, let's talk defence
OWASP EEE
 
An An Exploration Into the Cyber Security
sivasakthin2022cse
 
FCT UNIT 5 Foundation of computing technologies.pptx
nandinikhalane
 
Cyber Security Management in a Highly Innovative World
SafeNet
 
Security issues in the wireless networks.ppt
AvinashAvuthu2
 
2023 People Centric pitch01012023-v1.pptx
imanuelantoniussohir
 
Cyber security
ankit yadav
 
Break it while you make it: writing (more) secure software
Leigh Honeywell
 
Handout infosec defense-mechanism-y3dips
Ammar WK
 
Threat Intelligence & Threat research Sources
LearningwithRayYT
 
The Cyber Attack Risk
Skyport Systems
 
Malware in penetration testing 1
Arbab Usmani
 
Apt zero day malware
aspiretss
 
What Is Denial Of Service Attack
Stephanie Williams
 
Ad

More from Cloud Village (18)

PPTX
Unexpected Leaks in AWS Transit Gateways
Cloud Village
 
PDF
The Rise of the Planet of the Agents: LLM-based AI Agents and Cloud Security ...
Cloud Village
 
PDF
Creating Azure Policy Compliant Backdoor
Cloud Village
 
PPTX
Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities f...
Cloud Village
 
PDF
Cloud Tripwires: fighting stealth with stealth
Cloud Village
 
PPTX
Connecting the Dots - Mastering Alert Correlation for Proactive Defense in th...
Cloud Village
 
PDF
Runtime Reachability: Prioritizing Vulnerabilities with eBPF & Continuous Pro...
Cloud Village
 
PDF
Finding Holes in Conditional Access Policies
Cloud Village
 
PPTX
One Click, Six Services - Abusing The Dangerous Multi-service Orchestration P...
Cloud Village
 
PDF
Terraform Unleashed - Crafting Custom Provider Exploits for Ultimate Control
Cloud Village
 
PPTX
Workshop: Hands-On Container Image Security Mastering Sigstore for Unbreachab...
Cloud Village
 
PDF
DC 32: Epyon - Attacking DevOps environments
Cloud Village
 
PDF
Exploit K8S via Misconfiguration .YAML in CSP environments
Cloud Village
 
PDF
Cloud Offensive Breach and Risk Assessment (COBRA)
Cloud Village
 
PDF
One Port to Serve Them All - Google GCP Cloud Shell Abuse
Cloud Village
 
PDF
The Oracle Awakens: Demystifying Privilege Escalation in the cloud
Cloud Village
 
PDF
Catch them all! Detection engineering and purple teaming in the cloud
Cloud Village
 
PDF
Gone in 60 Seconds… How Azure AD/Entra ID Tenants are Compromise
Cloud Village
 
Unexpected Leaks in AWS Transit Gateways
Cloud Village
 
The Rise of the Planet of the Agents: LLM-based AI Agents and Cloud Security ...
Cloud Village
 
Creating Azure Policy Compliant Backdoor
Cloud Village
 
Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities f...
Cloud Village
 
Cloud Tripwires: fighting stealth with stealth
Cloud Village
 
Connecting the Dots - Mastering Alert Correlation for Proactive Defense in th...
Cloud Village
 
Runtime Reachability: Prioritizing Vulnerabilities with eBPF & Continuous Pro...
Cloud Village
 
Finding Holes in Conditional Access Policies
Cloud Village
 
One Click, Six Services - Abusing The Dangerous Multi-service Orchestration P...
Cloud Village
 
Terraform Unleashed - Crafting Custom Provider Exploits for Ultimate Control
Cloud Village
 
Workshop: Hands-On Container Image Security Mastering Sigstore for Unbreachab...
Cloud Village
 
DC 32: Epyon - Attacking DevOps environments
Cloud Village
 
Exploit K8S via Misconfiguration .YAML in CSP environments
Cloud Village
 
Cloud Offensive Breach and Risk Assessment (COBRA)
Cloud Village
 
One Port to Serve Them All - Google GCP Cloud Shell Abuse
Cloud Village
 
The Oracle Awakens: Demystifying Privilege Escalation in the cloud
Cloud Village
 
Catch them all! Detection engineering and purple teaming in the cloud
Cloud Village
 
Gone in 60 Seconds… How Azure AD/Entra ID Tenants are Compromise
Cloud Village
 
Ad

Recently uploaded (20)

PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Teaching material agriculture food technology
LiaRayya
 
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Approach and Philosophy of On baking technology
30anthuong17
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Encapsulation theory and applications.pdf
gurumoop
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 

Revealing Choke Points - Practical Tactics for Boosting Cloud Security

  • 1. Filipi Pires Director of Threat Researcher and Cybersecurity Advocate 1 Choke Points: Practical Tactics for Boosting Cloud Security
  • 2. Director of Threat Researcher and Security Advocate Advocate Opensource/Community Instructor, Writer and Reviewer #WHOAMI
  • 4. # What is a Threat??? According to ISO 27005, a threat is defined as a potential cause of an incident that may cause harm to systems and organization. • Software attacks • Theft of intellectual property • Identity theft • Sabotage • Information extortion are examples of information security threats.
  • 6. # HTV – High-Value Target In United States military terminology, a High-Value Target (HVT) is the term given to a person or resource that an enemy commander requires to complete a mission. Which of your organization's staff members can provide access to critically important information/systems and, if compromised, could become a single point of failure? Who are the ones that pose a high-impact risk if an attack against them is successful? Source:https://www.xmcyber.com/blog/attack-path-vs-attack-vector-important-differences-you-need-to-know/
  • 7. HVTs are usually individuals in the C-Suite, board members, senior executive management personnel, executive assistants, teams, or people with elevated privileges regarding information and organizational assets (including technological assets). Other times, they are teams of people working on sensitive or high-stake projects. Individuals may also turn into an HVT over a relatively short, specific period of time if, during that time, they get to engage in a critical project for the organization Source:https://www.xmcyber.com/blog/attack-path-vs-attack-vector-important-differences-you-need-to-know/ # HTV – High-Value Target
  • 9. # Attack Vector An attack vector is a method that cyber-attackers use to compromise a system. Although the terms are sometimes mixed, attack vectors are not to be confused with an attack surface, which is best defined as every possible point where an adversary can attempt to gain entry into your network or system.
  • 10. Malware, ransomware or phishing are all examples of common attack vectors. Some of the human errors that help create attack vectors include: • Having weak credentials • Using ”poor“ encryption • Misconfigurations • Allowing access to sensitive information via privilege escalation # Attack Vector
  • 11. # Attack Path An attack path is a visualization of the chain of events that occurs when attack vectors are exploited. In this sense, an attack vector acts as a doorway, while an attack path is a map that shows how an adversary entered the door and where that adversary went. https://owasp.org/www-project-top-ten/2017/Application_Security_Risks
  • 13. # Choke Points In cloud security, a choke point is a strategic location where multiple attack paths converge before reaching critical assets. These assets could include cloud resources, endpoints, files, or folders that attackers may target to advance toward more valuable objectives.
  • 15. # AWS IAM AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources. Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
  • 26. # AWS Attack – Create Policy Version
  • 27. 27 # AWS Attack – AWSPX Source: https://github.com/WithSecureLabs/awspx
  • 28. How can senhasegura help the community? 28
  • 29. Filipi Pires Director of Threat Researcher and Cybersecurity Advocate
  • 30. Demo

Editor's Notes