Inside Out - The Cloud has Never been so Close

Conference: BlackHat EU 2019

2019-12-05

Summary

The presentation discusses the challenges of securing cloud infrastructure, particularly in relation to public APIs and credential theft. The presenters propose an alternative approach using graphs to identify and fix dangerous misconfigurations.
  • Cloud infrastructure adds a new management layer and new security challenges that need to be well understood and secured
  • Credential theft is a well-known attack vector used by many adversaries
  • The use of public APIs introduces a new attack surface that traditional defenses cannot protect
  • The presenters propose an alternative approach using graphs to identify and fix dangerous misconfigurations
  • The tool should contain a large number of attack techniques, be recursive, and sort results by risk
The presenters walk through an example of how an attacker can reach high-value resources by stealing user secrets stored on a workstation. Once the secrets are obtained, the attacker can modify the code of a Lambda function, read instance metadata, and eventually accumulate enough permissions to access user data stored in an AWS bucket.

Abstract

The public cloud infrastructure adds a new management layer and new security challenges that need to be well understood and secured. The fact that cloud provider application programming interfaces (APIs) are accessible over the internet has opened a new window for adversaries to gain highly privileged access to critical cloud assets. Traditional defense mechanisms mostly focus on network, application and operating system defense. The use of public APIs introduces a new attack surface, one that traditional defenses cannot protect.

Credential theft is a well-known attack vector used by many adversaries. It is so successful because organizations struggle to follow the principle of least privilege. The people in charge of cloud resources are usually the DevOps, development and IT teams who need to manage those resources. Access to the APIs is performed using different software development kits (SDKs) and dedicated command line tools. Once those accounts are compromised, gaining access to high-value resources is one API call away.

In this talk, we present an alternative new approach for attacking cloud infrastructure. We use graphs to build and illustrate the relationships between different resources, identities, and policies. After mapping all the relationships, we show how adversaries can easily abuse existing features to escalate privileges and get to high-value resources.
