automated analysis of aws infrastructures
play

Automated analysis of AWS infrastructures Supervisor: Cedric van - PowerPoint PPT Presentation

Peter Bennink 3rd of July, 2018 MSc System & Network Engineering Automated analysis of AWS infrastructures Supervisor: Cedric van Bockhaven - Peter Bennink 3rd of July, 2018 Background ... a secure cloud services platform, offering


  1. Peter Bennink 3rd of July, 2018 MSc System & Network Engineering Automated analysis of AWS infrastructures Supervisor: Cedric van Bockhaven -

  2. Peter Bennink 3rd of July, 2018 Background “... a secure cloud services platform, offering compute power, database storage, content delivery and other functionality …” 2

  3. Peter Bennink 3rd of July, 2018 Background EC2 (Elastic Compute Cloud) RDS (Relational Database Service) S3 (Simple Storage Service) 3

  4. Peter Bennink 3rd of July, 2018 Background VPC Security groups IAM 4

  5. Peter Bennink 3rd of July, 2018 Background VPC Security groups IAM 5

  6. Peter Bennink 3rd of July, 2018 Background IAM - Access keys - Policies - Users - Groups - Roles 6

  7. Peter Bennink 3rd of July, 2018 Background IAM > Policies - Effect (Allow/Deny) - Action - Resource 7

  8. Peter Bennink 3rd of July, 2018 Introduction - You’ve infiltrated an AWS infrastructure, now what? - Expanding access - Knowledge of inaccessible components - Visualization 8

  9. Peter Bennink 3rd of July, 2018 Background Bloodhound Active Directory 9

  10. Peter Bennink 3rd of July, 2018 Research question Given an infiltrated AWS component, what part of the related infrastructure would an automated tool be able to index? 10

  11. Peter Bennink 3rd of July, 2018 Methodology 1. Analysis 2. Development 3. Testing 11

  12. Peter Bennink 3rd of July, 2018 Methodology 1. Analysis 2. Development 3. Testing 12

  13. Peter Bennink 3rd of July, 2018 Analysis IAM - Resource-level permissions - *:Describe* - *:List* 13

  14. Peter Bennink 3rd of July, 2018 Background IAM > Policies - Effect (Allow/Deny) - Action - Resource 14

  15. Peter Bennink 3rd of July, 2018 Analysis IAM - Resource-level permissions - *:Describe* - *:List* 15

  16. Peter Bennink 3rd of July, 2018 Analysis Metadata server - EC2 - 169.254.169.254 16

  17. Peter Bennink 3rd of July, 2018 Functionality Metadata crawler Captures everything on the metadata server… … including security credentials 17

  18. Peter Bennink 3rd of July, 2018 Functionality Permission bruteforcer Infrastructure analyser Checks what commands Uses access of key(s) to create access keys can use mapping of infrastructure 18

  19. Peter Bennink 3rd of July, 2018 19

  20. Peter Bennink 3rd of July, 2018 Development - Neo4j - boto3 - py2neo 20

  21. Peter Bennink 3rd of July, 2018 Conclusion - Very useful for expanding - Diversity of keys more access & escalating privilege important than privilege in - Resource-level permissions terms of enumeration https://gitlab.com/PeterBennink/aws-infrastructure-analysis 21

  22. Peter Bennink 3rd of July, 2018 Discussion/Future work Expandable in an infinite number of ways 22

  23. Peter Bennink 3rd of July, 2018 - Linkurious (visualization) Discussion/Future work Expandable in an infinite number of ways 23

  24. Peter Bennink 3rd of July, 2018 - Linkurious (visualization) Discussion/Future work - STS Expandable in an infinite number of ways 24

  25. Peter Bennink 3rd of July, 2018 - Linkurious (visualization) Discussion/Future work - STS - More AWS services/commands Expandable in an infinite number of ways 25

  26. Peter Bennink 3rd of July, 2018 - Linkurious (visualization) Discussion/Future work - STS - More AWS services/commands - Automated infiltration Expandable in an infinite number of ways 26

  27. Peter Bennink 3rd of July, 2018 - Linkurious (visualization) Discussion/Future work - STS - More AWS services/commands - Automated infiltration Expandable in an infinite number of ways - Nmapping subnets 27

  28. Peter Bennink 3rd of July, 2018 - Linkurious (visualization) Discussion/Future work - STS - More AWS services/commands - Automated infiltration Expandable in an infinite number of ways - Nmapping subnets - Resource-level permission bruteforcer 28

  29. Peter Bennink 3rd of July, 2018 Thank you. Any questions? https://gitlab.com/PeterBennink/aws-infrastructure-analysis 29

Recommend


More recommend