cloud
play

CLOUD POST EXPLOITATION Andrew Johnson @secprez | Sacha Faust - PowerPoint PPT Presentation

Feb 28, 2024 •948 likes •1.31k views

CLOUD POST EXPLOITATION Andrew Johnson @secprez | Sacha Faust @sachafaust | Cloud & Enterprise Red T eam ake Aways Azure Overview Key T Cloud Pivots Trends and Countermeasures 2 eam Red Team Success Culture Collective Growth

  1. CLOUD POST EXPLOITATION Andrew Johnson @secprez | Sacha Faust @sachafaust | Cloud & Enterprise Red T eam

  2. ake Aways Azure Overview Key T Cloud Pivots Trends and Countermeasures 2

  3. eam • Red Team Success Culture – Collective Growth Mindset • C+E Red T “Let’s make it harder!” MTTC + MTTO • Engineering Focused MTTD + MTTR • Diplomatic • Clear rules of engagement • Operate like Next Generation APT™ • P0 focus – break glass scenarios • Cloud vs Cloud • Shift from Operation to Run Adapt Adapt+ Recovery Games Walk Crawl 3

  4. Azure Crash Course

  5. Production Domain Internet SQL Azure Azure VM Azure Network ACL, (IAAS) PAAS Ingress & Egress Azure Storage Service Monitoring Private Network Azure Analytics Azure VNET (Logging) VM VM Azure Redis Cache Application SQL Server Domain Controller Azure Azure File Server Server Key Vault Document DB 5

  6. Cloud Mindset Server Services Domain Subscription Domain Admin Subscription Admin Pass the Hash Credential Pivot Private IPs Public IPs RDP / SSH Management APIs 6

  7. Pivoting

  8. Option 1 – Exfil running VM Basic - Storage to VM Shadow copy VM Start-AzureStorageBlobCopy Option 2 – override VM when turned off Research Area – Tamper running VM 8

  9. PAAS 101 Attacking Hosted Services - PAAS • Hosted Services are created from three elements: Certificates • Certificates hosting in the cloud service • A configuration file containing secrets and other service metadata • A package containing the code and resources Hosted Service Package Configuration (cspkg) (cscfg) 9

  10. RDP Extension Step 1 – Get role configuration Get-AzureDeployment Step 2 – Create Extension New- Remote Desktop AzureServiceRemoteDesktopExtensi onConfig Step 3 – Push tampered package Set-AzureDeployment Step 4 – Remove when done Remove- PAASRemoteAccessExtension 10

  11. Platform As a Service (PAAS) 11

  12. PAAS Certificates Step 1 – Query management API to get Certificates available Get-AzureDeployment Step 2 – Create custom service package • Add target certificate thumbprint • Make service dump certs from OS and exfil Step 3 – Initiate deployment Set-AzureDeployment with Use upgrade flag to staging slot Step 4 – Wait for cert and pivot 12

  13. PAAS Upgrade Step 1 - Exfiltrate cspkg file Get Package Get-AzureBlobContent Step 2 – Find/Create elevated task and bootstrap malware Step 3 – Update file hash Step 4 – Push tampered package Set-AzureBlobContent Step 5 – Initiate deployment Set-AzureDeployment with Use upgrade flag 13

  14. Hybrid Pivot On Premise to Cloud Pivot! 14

  15. Persistence

  16. Persistence - Pyramid • Service Principals support multiple passwords Identity • App provides rich landscape • Subscription administrators Subscription • Management Certificates • Storage Account Key Storage Account • Secure Access Url (SAS) key (offline minting) • Tamper Deployment Cloud Service • OS persistence Virtual • Override Machine • Shadow copy • Add resource to resource group (VM) Network • Modify Network Security Group 17

  18. As an operator/attacker, do you have enough visibility in the risks you are accepting? Indicators of Monitoring (IOM) • Detection (IOD) • Recovery (IOR) •

  19. Rise of Anomaly Detection IOM/D Trends Azure Security Center Anomaly Detection API – Cortana Intelligence Gallery Azure Security Center https://aka.ms/infiltrate2017-anomalyapi “Anomaly Detection is an API built with Azure Machine Learning that is useful for detecting different types of anomalous patterns in your time series data” 20

  20. Purple Teaming – https://aka.ms/scalingredteam IOM/D Trends 21

  21. The commoditization of Threat Intel IOM/D Trends Azure Security Center 22

  22. “Stealth” features in Defense IOM/D Trends DATA PLANE CONTROL PLANE Forensic @Scale Off-Node Analysis VM VHD VHD VHD VHD VHD VHD VHD Azure Storage 23

  23. Trends – Engineering • Monoculture • Shift from cost center to profit • Used to scale - system engineering and data scientist • Used to very high expectation – Azure 99.9% https://www.youtube.com/watch?v=R31Ez1XJEeI

  24. Trends – Engineering Assume Breach mindset

  25. Specific/sequential targeting Sophisticated planning Counter Measures … Effective reconnaissance Social engineering Practiced tool usage Advanced & persistent Varied Persistence Intelligence Driven Diversionary T actics Machine Learning Multi-FrontAssaults Infiltrate 2015 - Data Driven Offence https://vimeo.com/133292422 26

  26. Counter Measures … 27

  27. Thank you Sacha cha Faust ust Andr drew ew Joh ohnson son @sachafaust achafaust @secpr ecprez ez https://aka.ms/cesecurityjobsse

Recommend

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come from? Why Cloud? Cloud for small, medium, enterprise, and government Barriers to adoption Embracing Cloud Social Mobile Cloud

972 views • 45 slides
SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud Tour of the buzzwords, myths and realities Whats in store for me, the boss, the company, the industry? Your cloud, our cloud their

224 views • 19 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

Cornell CS5412 Cloud Computing (Spring 2015) 1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper! The cloud business model is growing at an unparalleled pace without any limit in sight

632 views • 45 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper The cloud business model is growing at an unparalleled pace without any limit in sight In the future everything will be on the cloud

945 views • 65 slides
The Cloud Is Big! The Cloud Is Hot! IT industry Constitutes about 2% of total US energy

The Cloud Is Big! The Cloud Is Hot! IT industry Constitutes about 2% of total US energy

The Data Furnace: Heating Up with Cloud Computing Jie Liu , Michel Goraczko, Jiakang Lu Sean James, Christian Belady Kamin Whitehouse Microsoft University of Virginia The Cloud Is Big! The Cloud Is Hot! IT industry Constitutes about 2%

551 views • 16 slides
Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing Understanding: Distributed Application Design Resource Management Automation Virtualized Computing Environments High-performance Computing

1.02k views • 49 slides
NVIDIA GPUs in the Cloud 4 EVOLVING CLOUD REQUIREMENTS On Off Hybrid Cloud premises premises

NVIDIA GPUs in the Cloud 4 EVOLVING CLOUD REQUIREMENTS On Off Hybrid Cloud premises premises

NVIDIA GPUs in the Cloud 4 EVOLVING CLOUD REQUIREMENTS On Off Hybrid Cloud premises premises Connecting clouds New workloads Components to disrupt SOFTLAYER CAPABILITIES OVERVIEW 5 GLOBAL CLOUD PLATFORM Unified architecture enabled by

390 views • 17 slides
github.com/18F/cg-workshop I Want You to use cloud.gov : Focus on mission " :

github.com/18F/cg-workshop I Want You to use cloud.gov : Focus on mission " :

09:00 Welcome Shashank Khandelwal 09:10 cloud.gov Overview 09:40 cloud.gov Hands-on I 10:20 Break 10:30 Federalist Will Slack 10:40 cloud.gov Hands-on II 11:30 Q & A github.com/18F/cg-workshop I Want You to use cloud.gov

461 views • 34 slides
Cloud Ross Mallace Commercial Director Cloud/SaaS Cloud is here. ALL By 2020 most core

Cloud Ross Mallace Commercial Director Cloud/SaaS Cloud is here. ALL By 2020 most core

Banking in the Cloud Ross Mallace Commercial Director Cloud/SaaS Cloud is here. ALL By 2020 most core most banking initiatives will be in the cloud John Schlesinger Changing Cloud Adoption in Financial Services Over 100

561 views • 20 slides
A vision for Carrier Cloud Networking... Itzik Weinstein, CEO 1 Cloud Services The Cloud is

A vision for Carrier Cloud Networking... Itzik Weinstein, CEO 1 Cloud Services The Cloud is

A vision for Carrier Cloud Networking... Itzik Weinstein, CEO 1 Cloud Services The Cloud is highly scalable, and managed infrastructure capable of hosting end- customer applications and billed by consumption. - Forrester Virtual

399 views • 6 slides
Cloud-iQ New features including xSP reporting Crayon Channel Team Cloud-iQ updates The Cloud-iQ

Cloud-iQ New features including xSP reporting Crayon Channel Team Cloud-iQ updates The Cloud-iQ

Cloud-iQ New features including xSP reporting Crayon Channel Team Cloud-iQ updates The Cloud-iQ Platform is Crayons Cloud Service Scaling Engine. Offering best in class self- provisioning, billing and reporting capabilities to

346 views • 12 slides
Cloud-Integrated IP Design: Bursting EDA Workflows to the Public Cloud Jerome McFarland,

Cloud-Integrated IP Design: Bursting EDA Workflows to the Public Cloud Jerome McFarland,

Cloud-Integrated IP Design: Bursting EDA Workflows to the Public Cloud Jerome McFarland, Marketing Director, Elastifile Agenda Why Cloud? How Cloud? Real-World Example Why Cloud? IC Design Complexity is Steadily Increasing Process

604 views • 31 slides
Building a Private Cloud Cloud Infrastructure Using Opensource Building a Private Cloud OSCON

Building a Private Cloud Cloud Infrastructure Using Opensource Building a Private Cloud OSCON

Building a Private Cloud Cloud Infrastructure Using Opensource Building a Private Cloud OSCON 2010 Building a Private Cloud with Ubuntu Server 10.04 Enterprise Cloud (Eucalyptus) OSCON 2010 (Note: Special thanks to Jim Beasley, my lead Cloud

604 views • 37 slides
SUSE OpenStack Cloud 126 126 What is SUSE OpenStack Cloud You know of Cloud Compute right?

SUSE OpenStack Cloud 126 126 What is SUSE OpenStack Cloud You know of Cloud Compute right?

SUSE OpenStack Cloud 126 126 What is SUSE OpenStack Cloud You know of Cloud Compute right? Maybe you use AWS or Azure? Allowing pay-as-you-go model for IT infrastructure and toward dynamic software-defined service delivery.

168 views • 16 slides
Towards ds a self elf auto tomated CE CERN Clo Cloud Jos Castro Len CERN Cloud

Towards ds a self elf auto tomated CE CERN Clo Cloud Jos Castro Len CERN Cloud

Towards ds a self elf auto tomated CE CERN Clo Cloud Jos Castro Len CERN Cloud Infrastructure CERN Cloud Team Who am I? Outlines Introduction CERN Cloud service Automation status Upcoming challenges Improvement

799 views • 34 slides
Going Cloud Native with Cloud Foundry @chipchilders Chip Childers, VP Technology Cloud Foundry

Going Cloud Native with Cloud Foundry @chipchilders Chip Childers, VP Technology Cloud Foundry

Going Cloud Native with Cloud Foundry @chipchilders Chip Childers, VP Technology Cloud Foundry Foundation Why does Cloud Native matter? Since 2000, 52% of the Fortune 500 are no longer on the list Continuous Innovation There is a rough

794 views • 50 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
Cloud Native Go Building Scalable, Resilient Microservices for the Cloud in Go 1 / 29

Cloud Native Go Building Scalable, Resilient Microservices for the Cloud in Go 1 / 29

Cloud Native Go 6/28/17, 11)02 AM Cloud Native Go Building Scalable, Resilient Microservices for the Cloud in Go 1 / 29 file:///Users/kimberlyamaral/Desktop/cng-presentation/pres.html#1 Page 1 of 38 Cloud Native Go 6/28/17, 11)02 AM Agenda

566 views • 38 slides
Problem solved: Cloud Cost Management 2 Cloud Cost Management Using cloud services from

Problem solved: Cloud Cost Management 2 Cloud Cost Management Using cloud services from

Problem solved: Cloud Cost Management 2 Cloud Cost Management Using cloud services from IaaS to Accelerate digital SaaS creates huge new opportunities transformation to transform the speed, effjciency and operating costs of a

298 views • 10 slides
Cloud Computing and Cloud Storage By: Maurice Kelly History of Internet and Cloud Computing

Cloud Computing and Cloud Storage By: Maurice Kelly History of Internet and Cloud Computing

Cloud Computing and Cloud Storage By: Maurice Kelly History of Internet and Cloud Computing Internet began in the 1950s Internet has been quite revolutoinary due to its lightning fast communication privelages and data sharing. Cloud

378 views • 6 slides
Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
What is the Cloud? Simply put, Cloud Computing is the delivery of computing services,

What is the Cloud? Simply put, Cloud Computing is the delivery of computing services,

What is the Cloud? Simply put, Cloud Computing is the delivery of computing services, including Servers, Storage, Databases, Networking, Software, Analytics and Intelligence over the Internet (The Cloud) to offer faster innovation,

338 views • 13 slides
Nico Uys Cloud Business Line Manager 1 Recent SAP on cloud projects Lessons learned

Nico Uys Cloud Business Line Manager 1 Recent SAP on cloud projects Lessons learned

SAP in the cloud, do it right. Nico Uys Cloud Business Line Manager 1 Recent SAP on cloud projects Lessons learned Agenda Automation of the cloud Zag and our services Summary Q & A 2 Interesting Cloud Facts 1.

271 views • 23 slides
Whats The Next Big Thing in Telecom & IT? Cloud DaaS Desktop as a Service

Whats The Next Big Thing in Telecom & IT? Cloud DaaS Desktop as a Service

Whats The Next Big Thing in Telecom & IT? Cloud DaaS Desktop as a Service Supercharge Your Desktop! Cloud IaaS Infrastructure as a Service Cloud Computing Work Smarter in the Cloud Cloud Single Sign-On Securely Access Many

627 views • 19 slides

More recommend