https://www.slideshare.net/chrisgates
WeirdAAL
(AWS Attack Library)
Chris Gates, Ken Johnson
whoami
Chris Gates - Sr. Security Engineer - Uber
Twitter: @carnal0wnage
Blog: carnal0wnage.attackresearch.com
Talks: slideshare.net/chrisgates
whoami
Ken Johnson - AppSec - GitHub
Twitter: @cktricky
Talks: slideshare.net/KenJohnson61/
We’ve been talking about this...
LasCon 2014 - DevOops, I did it Again
https://www.youtube.com/watch?v=i8SnLXwlBWM
… and talking...
DevOpsDays DC 2015
https://vimeo.com/137691444
...and talking some more...
DevOops Redux - AppSec USA 2016
https://bit.ly/2qYe29y
… still going...
RSA Conference 2017
https://bit.ly/2HOZ0N4
OKAY, WE GET IT ALREADY! (do you, though?)
DevOops Redux - CERN 2017 &
InsomniaHack 2017
https://cds.cern.ch/record/2256987
So what has happened during this time?
2014 - Code Spaces
… le sigh (horrorshow is right)
2015 - Systema Software
Come on!
2016 - Datadog
… surely it's getting better? Nope
2017 - Deep Root Analytics / America?
This is why we drink
2018 - MBM Company, Tesla
So what did we decide to do about it?
Join the party of course :-)
Vaporware
WeirdAAL
● WeirdAAL (AWS Attack Library)
● https://github.com/carnal0wnage/weirdAAL
● Python3
● Relies heavily on boto3 library
Two Goals:
1. Answer what can I do with this AWS Keypair [blackbox]
2. Be a repository of useful functions (offensive & defensive) to interact with AWS services.
Prior work
1. CG’s aws_interrogate (vaporware)
2. https://github.com/dagrz/aws_pwn & his medium posts
3. https://github.com/bchew/dynamodump
4. https://github.com/ThreatResponse/aws_ir
5. https://github.com/nccgroup/Scout2
Setup / Usage / Boto3
● Supports boto3 and aws credentials format
○ Using boto3 allows us to natively support STS tokens
○ Put your creds in .env folder in WeirdAAL home
● Targets
○ Passes a -t (target) value to track your work
○ Can have multiple AWS keys in a target
● Modules
○ Modules passed via -m to do various tasks
○ python3 weirdAAL.py -m dynamodb_list_tables -t demo
○ Coverage for many services but not all (so far)
■ EC2, Lambda, s3, dynamodb, iam, etc
● Built in proxy support via boto3
What Can I Do With This AWS Key Pair?
AWS offers no easy way (blackbox)
If you have IAM you can look at running services manually or check billing.
Tedious & No Fun
(135 services in boto3 1.7.4)
Our solution, ask every service if we have permission to use it (recon_all)
Recon_all demo
Recon_all demo (recap)
Hit up every AWS service we can ask a **generic** question to
** required no args or specifics about that account
Log to DB for use later and automation
Todo: Evasion? Timing? Does anyone look or care?
Recon_all demo (gotchas)
● Root keys that have invalid billing info give you “SubscriptionRequiredException” or “OptInRequired” boto3 errors
● Root keys that are in good standing give you everything available :-/
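The recap's "Does anyone look or care?" from the defender's side, as an added example (not from the slides or WeirdAAL's code): a recon_all-style sweep shows up in CloudTrail as one access key touching many distinct services in a short window with mostly denied calls. The thresholds, field selection and sample records are constructed assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%dT%H:%M:%SZ"  # CloudTrail eventTime format (UTC)

# errorCode values CloudTrail records when a call is refused for lack of permission
DENIED = {"AccessDenied", "AccessDeniedException",
          "UnauthorizedOperation", "Client.UnauthorizedOperation"}


def parse_time(event):
    return datetime.strptime(event["eventTime"], FMT)


def find_service_sweeps(events, window=timedelta(minutes=10),
                        min_services=8, min_denied_ratio=0.5):
    """Return one finding per access key whose activity looks like a service sweep.

    A sweep here means: at least `min_services` distinct eventSource values
    inside `window`, with at least `min_denied_ratio` of those calls refused.
    """
    by_key = defaultdict(list)
    for ev in events:
        key = ev.get("userIdentity", {}).get("accessKeyId")
        if key:
            by_key[key].append(ev)

    findings = []
    for key, evs in by_key.items():
        evs.sort(key=parse_time)
        best, start = None, 0
        for end in range(len(evs)):
            # Slide the left edge forward until the span fits inside `window`.
            while parse_time(evs[end]) - parse_time(evs[start]) > window:
                start += 1
            chunk = evs[start:end + 1]
            services = sorted({e["eventSource"] for e in chunk})
            denied = sum(1 for e in chunk if e.get("errorCode") in DENIED)
            if (len(services) >= min_services
                    and denied / len(chunk) >= min_denied_ratio
                    and (best is None or len(services) > len(best["services"]))):
                best = {
                    "access_key": key,
                    "source_ips": sorted({e.get("sourceIPAddress", "?") for e in chunk}),
                    "services": services,
                    "calls": len(chunk),
                    "denied": denied,
                    "first_seen": chunk[0]["eventTime"],
                    "last_seen": chunk[-1]["eventTime"],
                }
        if best:
            findings.append(best)
    return findings


def sample_events():
    """Constructed CloudTrail-style records: one sweeping key, one ordinary application key."""
    base = datetime(2018, 4, 1, 12, 0, 0)
    swept = ["ec2", "s3", "iam", "lambda", "dynamodb", "sns", "config",
             "cloudtrail", "rds", "sqs"]
    events = []
    for i, svc in enumerate(swept):
        ev = {"eventTime": (base + timedelta(seconds=5 * i)).strftime(FMT),
              "eventSource": svc + ".amazonaws.com",
              "sourceIPAddress": "198.51.100.7",
              "userIdentity": {"accessKeyId": "AKIAIOSFODNN7EXAMPLE"}}
        if svc not in ("s3", "dynamodb"):  # this key is only allowed S3 and DynamoDB
            ev["errorCode"] = "AccessDenied"
        events.append(ev)
    for i in range(12):  # application key: two services over an hour, no denials
        events.append({"eventTime": (base + timedelta(minutes=5 * i)).strftime(FMT),
                       "eventSource": ("s3", "dynamodb")[i % 2] + ".amazonaws.com",
                       "sourceIPAddress": "203.0.113.20",
                       "userIdentity": {"accessKeyId": "AKIAI44QH8DHBEXAMPLE"}})
    return events


if __name__ == "__main__":
    for finding in find_service_sweeps(sample_events()):
        print(finding)
```

The window has to be sized against how slowly a sweep could run; the same sample produces no finding with a 10-second window.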
F**king Stuff Up
In previous talks, we discussed monitoring. Now we show you how to burn all that to the ground.
Starting with SNS…
List topics
List subscribers to a topic
Or… just delete the Topic. Now nobody knows what you’re doing :-)
Config service has rules. You’ll see why cloudtrail is important
We can list the config rules of course (for every region):
But what about deleting rules? Yeah, we’ve got that too :-)
Or just delete the whole recording altogether - BEFORE
Let’s go ahead and just delete Config’s recorder altogether, shall we? First list them...
Now, delete it :-)
Welp, no more Config alerts… or Config at all, really
IAM_Pwn
Found a key with IAM/Root?
Let’s automate the takeover / make backdoor accounts
IAM_Pwn demo
IAM_Pwn demo - List users
IAM_Pwn demo - User details IAM console
IAM_Pwn demo - delete MFA device
IAM_Pwn demo - change console password
IAM_Pwn demo - create access/secret key
IAM_Pwn demo - delete access/secret key
IAM_Pwn demo - make backdoor account
IAM_Pwn (recap)
Deleted 2FA
Add console user / add new keys
Backdoor admin user
Hack all the thingz
IAM_Pwn (story time)
Made backdoor account in pentest, proved lack of logging and policy enforcement
Logging / IR
Lambda - list_functions
Lambda - get_function
Thankfully, lambda serverless arch and KMS means no more creds in code right?
Nope :-)
Lambda
http://boto3.readthedocs.io/en/latest/reference/services/lambda.html#Lambda.Client.update_function_code
It’s cool I have cloudtrail configured….
Stop Cloudtrail logging (ref: https://danielgrzelak.com/disrupting-aws-logging-a42e437d6594)
Identify existing CloudTrail trails
Stop Cloudtrail logging
Use TrailARN to stop CloudTrail with stop_logging function
Delete Cloudtrail Trail
Use TrailARN to stop CloudTrail with delete_trail function
Logging / IR
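For the Logging / IR side of the SNS, Config, IAM_Pwn, Lambda and CloudTrail slides above, an added example (not from the slides or WeirdAAL's code): each of those actions is a control-plane call that CloudTrail records by event name, so a responder can group watchlisted events per calling principal and escalate when one principal both reduces visibility and changes identities. The watchlist categories, severity rules and sample records are constructed assumptions.

```python
# (eventSource, eventName prefix) -> category. Prefix matching is used because
# Lambda event names carry an API-version suffix in CloudTrail
# (e.g. UpdateFunctionCode20150331v2).
WATCHLIST = {
    ("cloudtrail.amazonaws.com", "StopLogging"): "visibility",
    ("cloudtrail.amazonaws.com", "DeleteTrail"): "visibility",
    ("config.amazonaws.com", "DeleteConfigRule"): "visibility",
    ("config.amazonaws.com", "StopConfigurationRecorder"): "visibility",
    ("config.amazonaws.com", "DeleteConfigurationRecorder"): "visibility",
    ("sns.amazonaws.com", "DeleteTopic"): "visibility",
    ("iam.amazonaws.com", "DeactivateMFADevice"): "identity",
    ("iam.amazonaws.com", "UpdateLoginProfile"): "identity",
    ("iam.amazonaws.com", "CreateAccessKey"): "identity",
    ("iam.amazonaws.com", "CreateUser"): "identity",
    ("iam.amazonaws.com", "AttachUserPolicy"): "identity",
    ("lambda.amazonaws.com", "UpdateFunctionCode"): "code",
    ("ec2.amazonaws.com", "StopInstances"): "availability",
}


def classify(event):
    """Return the watchlist category for a CloudTrail record, or None."""
    src, name = event.get("eventSource", ""), event.get("eventName", "")
    for (w_src, w_name), category in WATCHLIST.items():
        if src == w_src and name.startswith(w_name):
            return category
    return None


def triage(events):
    """Group watchlisted events by calling principal and rate each principal."""
    actors = {}
    for ev in events:
        category = classify(ev)
        if category is None:
            continue
        ident = ev.get("userIdentity", {})
        actor = actors.setdefault(ident.get("arn", "unknown"), {
            "categories": set(), "events": [],
            "denied_attempts": 0, "other_user_changes": 0})
        if ev.get("errorCode"):  # call was refused: intent without effect
            actor["denied_attempts"] += 1
            continue
        actor["categories"].add(category)
        actor["events"].append(ev["eventName"])
        # IAM changes aimed at a different user than the caller deserve a closer look.
        target = (ev.get("requestParameters") or {}).get("userName")
        if category == "identity" and target and target != ident.get("userName"):
            actor["other_user_changes"] += 1

    for actor in actors.values():
        cats = actor["categories"]
        if {"visibility", "identity"} <= cats:
            actor["severity"] = "critical"
        elif "visibility" in cats or actor["other_user_changes"]:
            actor["severity"] = "high"
        elif cats:
            actor["severity"] = "medium"
        else:
            actor["severity"] = "attempted"
        actor["categories"] = sorted(cats)
    return actors


def ct(arn, source, name, params=None, error=None):
    """Build a constructed CloudTrail-style record with only the fields used here."""
    ev = {"eventSource": source + ".amazonaws.com", "eventName": name,
          "userIdentity": {"arn": arn, "userName": arn.rsplit("/", 1)[-1]},
          "requestParameters": params}
    if error:
        ev["errorCode"] = error
    return ev


ACCT = "arn:aws:iam::111122223333:user/"  # documentation account id, constructed users
SAMPLE = [
    ct(ACCT + "build-bot", "iam", "DeactivateMFADevice", {"userName": "alice"}),
    ct(ACCT + "build-bot", "iam", "CreateAccessKey", {"userName": "alice"}),
    ct(ACCT + "build-bot", "cloudtrail", "StopLogging", {"name": "placeholder-trail"}),
    ct(ACCT + "build-bot", "config", "DeleteConfigurationRecorder",
       {"configurationRecorderName": "default"}),
    ct(ACCT + "carol", "iam", "CreateAccessKey", {"userName": "carol"}),
    ct(ACCT + "dave", "lambda", "UpdateFunctionCode20150331v2",
       {"functionName": "placeholder-fn"}),
    ct(ACCT + "erin", "cloudtrail", "DeleteTrail", {"name": "placeholder-trail"},
       error="AccessDenied"),
    ct(ACCT + "erin", "ec2", "DescribeInstances"),
]

if __name__ == "__main__":
    for arn, summary in triage(SAMPLE).items():
        print(summary["severity"], arn, summary["categories"], summary["events"])
```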
EC2 get_console_screenshot
EC2 get_console_output
EC2 get_console_output_all
EC2 & Lucidcharts
Just plain mean…. ec2_stop_instances
Useful Functions & Libs
Grew tired of stackoverflowing everything
Ideally, grab useful functions and throw together quick python script to knock out your task
Uses libs for actions that need more control/finesse/data passed
Example of a Module
Used WeirdAAL at work to get public EC2 instances quickly so we can do external pentesting
- impossible to know given the large range of AWS IP space
Pydoc friendly (work in progress)
Questions?
Contact Info
Chris Gates
Twitter: @carnal0wnage
Ken Johnson
Twitter: @cktricky
Slides: https://www.slideshare.net/chrisgates
Code: https://github.com/carnal0wnage/weirdAAL

 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Dernier (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

WeirdAAL (AWS Attack Library)

  • 4. whoami Chris Gates - Sr. Security Engineer - Uber Twitter: @carnal0wnage Blog: carnal0wnage.attackresearch.com Talks: slideshare.net/chrisgates
  • 6. whoami Ken Johnson - AppSec - GitHub Twitter: @cktricky Talks: slideshare.net/KenJohnson61/
  • 7. We’ve been talking about this... LasCon 2014 - DevOops, I did it Again https://www.youtube.com/watch?v=i8SnLXwlBWM
  • 8. … and talking... DevOpsDays DC 2015 https://vimeo.com/137691444
  • 9. ...and talking some more... DevOops Redux - AppSec USA 2016 https://bit.ly/2qYe29y
  • 10. … still going... RSA Conference 2017 https://bit.ly/2HOZ0N4
  • 11. OKAY, WE GET IT ALREADY! (do you, though?) DevOops Redux - CERN 2017 & InsomniaHack 2017 https://cds.cern.ch/record/2256987
  • 12. So what has happened during this time? 2014 - Code Spaces
  • 13. … le sigh (horrorshow is right) 2015 - Systema Software
  • 14. Come on! 2016 - Datadog
  • 15. … surely it's getting better? Nope 2017 - Deep Root Analytics / America?
  • 16. This is why we drink 2018 - MBM Company, Tesla
  • 17. So what did we decide to do about it?
  • 18. Join the party of course :-)
  • 20. WeirdAAL ● WeirdAAL (AWS Attack Library) ● https://github.com/carnal0wnage/weirdAAL ● Python3 ● Relies heavily on boto3 library
  • 21. WeirdAAL Two Goals: 1. Answer what can I do with this AWS Keypair [blackbox] 2. Be a repository of useful functions (offensive & defensive) to interact with AWS services.
  • 22. WeirdAAL Prior work 1. CG’s aws_interrogate (vaporware) 2. https://github.com/dagrz/aws_pwn & his medium posts 3. https://github.com/bchew/dynamodump 4. https://github.com/ThreatResponse/aws_ir 5. https://github.com/nccgroup/Scout2
  • 23. Setup / Usage / Boto3 ● Supports boto3 and aws credentials format ○ Using boto3 allows us to natively support STS tokens ○ Put your creds in .env folder in WeirdAAL home
  • 24. Setup / Usage / Boto3 ● Targets ○ Passes a -t (target) value to track your work ○ Can have multiple AWS keys in a target ● Modules ○ Modules passed via -m to do various tasks ○ python3 weirdAAL.py -m dynamodb_list_tables -t demo ○ Coverage for many services but not all (so far) ■ EC2, Lambda, s3, dynamodb, iam, etc ● Built in proxy support via boto3
  • 25. What Can I Do With This AWS Key Pair? AWS offers no easy way (blackbox) If you have IAM you can look at running services manually or check billing. Tedious & No Fun (135 services in boto3 1.7.4)
  • 26. What Can I Do With This AWS Key Pair? Our solution, ask every service if we have permission to use it (recon_all)
  • 27. What Can I Do With This AWS Key Pair? Recon_all demo
  • 28. What Can I Do With This AWS Key Pair? Recon_all demo
  • 29. What Can I Do With This AWS Key Pair?
  • 30. What Can I Do With This AWS Key Pair? Recon_all demo (recap) Hit up every AWS service we can ask a **generic** question to ** required no args or specifics about that account Log to DB for use later and automation Todo: Evasion? Timing? Does anyone look or care?
  • 31. What Can I Do With This AWS Key Pair? Recon_all demo (gotchas) ● Root keys that have invalid billing info give you: “SubscriptionRequiredException” or “OptInRequired” boto3 errors ● Root keys that are in good standing give you everything available :-/
  • 33. What Can I Do With This AWS Key Pair? In previous talks, we discussed monitoring. Now we show you how to burn all that to the ground.
  • 34. What Can I Do With This AWS Key Pair? Starting with SNS… List topics
  • 35. What Can I Do With This AWS Key Pair? List subscribers to a topic
  • 36. What Can I Do With This AWS Key Pair? Or… just delete the Topic. Now nobody knows what you’re doing :-)
  • 37. What Can I Do With This AWS Key Pair? Config service has rules. You’ll see why cloudtrail is important
  • 38. What Can I Do With This AWS Key Pair? We can list the config rules of course (for every region):
  • 39. What Can I Do With This AWS Key Pair? But what about deleting rules? Yeah, we’ve got that too :-)
  • 40. What Can I Do With This AWS Key Pair? Or just delete the whole recording altogether - BEFORE
  • 41. What Can I Do With This AWS Key Pair? Let’s go ahead and just delete Config’s recorder altogether, shall we? First list them...
  • 42. What Can I Do With This AWS Key Pair? Now, delete it :-)
  • 43. What Can I Do With This AWS Key Pair? Welp, no more Config alerts… or Config at all, really
  • 44. What Can I Do With This AWS Key Pair? IAM_Pwn Found a key with IAM/Root? Let’s automate the takeover / make backdoor accounts
  • 45. What Can I Do With This AWS Key Pair? IAM_Pwn demo
  • 46. What Can I Do With This AWS Key Pair? IAM_Pwn demo - List users
  • 47. What Can I Do With This AWS Key Pair? IAM_Pwn demo - User details IAM console
  • 48. What Can I Do With This AWS Key Pair? IAM_Pwn demo - delete MFA device
  • 49. What Can I Do With This AWS Key Pair? IAM_Pwn demo - change console password
  • 50. What Can I Do With This AWS Key Pair? IAM_Pwn demo - create access/secret key
  • 51. What Can I Do With This AWS Key Pair? IAM_Pwn demo - delete access/secret key
  • 52. What Can I Do With This AWS Key Pair? IAM_Pwn demo - make backdoor account
  • 53. What Can I Do With This AWS Key Pair? IAM_Pwn (recap) Deleted 2FA Add console user / add new keys Backdoor admin user Hack all the thingz
  • 54. What Can I Do With This AWS Key Pair? IAM_Pwn (story time) Made backdoor account in pentest, proved lack of logging and policy enforcement
  • 55. What Can I Do With This AWS Key Pair? Logging / IR
  • 56. What Can I Do With This AWS Key Pair? Lambda - list_functions
  • 57. What Can I Do With This AWS Key Pair? Lambda - get_function
  • 58. What Can I Do With This AWS Key Pair? Thankfully, lambda serverless arch and KMS means no more creds in code right?
  • 59. What Can I Do With This AWS Key Pair? Nope :-)
  • 60. What Can I Do With This AWS Key Pair? Lambda http://boto3.readthedocs.io/en/latest/reference/services/lambda.html#Lambda.Client.update_function_code
  • 61. It’s cool I have cloudtrail configured….
  • 62. What Can I Do With This AWS Key Pair? Stop Cloudtrail logging (ref: https://danielgrzelak.com/disrupting-aws-logging-a42e437d6594) Identify existing CloudTrail trails
  • 63. What Can I Do With This AWS Key Pair? Stop Cloudtrail logging Use TrailARN to stop CloudTrail with stop_logging function
  • 64. What Can I Do With This AWS Key Pair? Delete Cloudtrail Trail Use TrailARN to stop CloudTrail with delete_trail function
  • 65. What Can I Do With This AWS Key Pair? Delete Cloudtrail Trail
  • 66. What Can I Do With This AWS Key Pair? Logging / IR
  • 67. What Can I Do With This AWS Key Pair? EC2 get_console_screenshot
  • 68. What Can I Do With This AWS Key Pair? EC2 get_console_screenshot
  • 69. What Can I Do With This AWS Key Pair? EC2 get_console_output
  • 70. What Can I Do With This AWS Key Pair? EC2 get_console_output
  • 71. What Can I Do With This AWS Key Pair? EC2 get_console_output_all
  • 72. What Can I Do With This AWS Key Pair? EC2 & Lucidcharts
  • 73. What Can I Do With This AWS Key Pair? EC2 & Lucidcharts
  • 74. What Can I Do With This AWS Key Pair? Just plain mean…. ec2_stop_instances
  • 75. Useful Functions & Libs Grew tired of stackoverflowing everything Ideally, grab useful functions and throw together quick python script to knock out your task Uses libs for actions that need more control/finesse/data passed
  • 76. Example of a Module
  • 77. Useful Functions & Libs Used WeirdAAL at work to get public EC2 instances quickly so we can do external pentesting -impossible to know given the large range of AWS IP space
  • 78. Useful Functions & Libs Pydoc friendly (work in progress)
  • 80. Contact Info Chris Gates Twitter: @carnal0wnage Slides: https://www.slideshare.net/chrisgates Ken Johnson Twitter: @cktricky Code: https://github.com/carnal0wnage/weirdAAL
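
A defender's view of the calls demonstrated in the slides above, as an added example (not code from the presentation or the WeirdAAL project): it scans CloudTrail records for the monitoring-tamper and IAM takeover calls, and for a recon_all-style sweep where one access key touches many services within minutes. The thresholds, the key IDs and the sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# CloudTrail (service, eventName) pairs for the API calls the slides demonstrate.
TAMPER = {("cloudtrail", "StopLogging"), ("cloudtrail", "DeleteTrail"),
          ("config", "DeleteConfigRule"), ("config", "DeleteConfigurationRecorder"),
          ("sns", "DeleteTopic")}
IAM_TAKEOVER = {"DeactivateMFADevice", "UpdateLoginProfile", "CreateAccessKey", "CreateUser"}
SWEEP_WINDOW = timedelta(minutes=5)  # assumed tuning values, not from the talk
SWEEP_SERVICES = 4

def _parse(rec):
    when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
    service = rec["eventSource"].split(".")[0]
    key = rec.get("userIdentity", {}).get("accessKeyId", "unknown")
    return when, service, key

def detect(records):
    """Return a sorted list of (access_key_id, finding) tuples."""
    findings, by_key = set(), defaultdict(list)
    for rec in records:
        when, service, key = _parse(rec)
        by_key[key].append((when, service))
        name, status = rec["eventName"], "failed" if "errorCode" in rec else "ok"
        if (service, name) in TAMPER:
            findings.add((key, f"monitoring-tamper:{name}:{status}"))
        elif service == "iam" and name in IAM_TAKEOVER:
            findings.add((key, f"iam-takeover:{name}:{status}"))
    # Enumeration sweep: one key touching many distinct services in a short window.
    for key, calls in by_key.items():
        calls.sort()
        start = 0
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] > SWEEP_WINDOW:
                start += 1
            if len({svc for _, svc in calls[start:end + 1]}) >= SWEEP_SERVICES:
                findings.add((key, "service-sweep"))
                break
    return sorted(findings)

def _rec(t, service, name, key, err=None):
    rec = {"eventTime": f"2018-04-01T{t}Z", "eventSource": f"{service}.amazonaws.com",
           "eventName": name, "userIdentity": {"accessKeyId": key}}
    return {**rec, "errorCode": err} if err else rec

A, B = "AKIAEXAMPLEAAAAAAAAA", "AKIAEXAMPLEBBBBBBBBB"  # constructed key ids
SAMPLE = [  # constructed records, trimmed to the fields the detector reads
    _rec("10:00:01", "dynamodb", "ListTables", A), _rec("10:00:02", "s3", "ListBuckets", A, "AccessDenied"),
    _rec("10:00:03", "sns", "ListTopics", A), _rec("10:00:04", "iam", "ListUsers", A),
    _rec("10:07:00", "cloudtrail", "StopLogging", A), _rec("10:08:00", "iam", "DeactivateMFADevice", A),
    _rec("10:09:00", "config", "DeleteConfigurationRecorder", A, "AccessDenied"),
    _rec("09:00:00", "s3", "ListBuckets", B), _rec("11:30:00", "ec2", "DescribeInstances", B),
]
```

Failed attempts are reported as well as successful ones, since a denied StopLogging or DeleteConfigurationRecorder call is still a signal worth alerting on.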