Ben Caudill @rhinosecurity
Spencer Gietzen @spengietz
Rhino Security - https://rhinosecuritylabs.com/blog/
AWS escalation and mitigation blog - https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/
What is the difference between this and something like Scout or Lynis?
Is it a forensic or IR tool?
How might offensive people use this tool? What is possible when you’re using this as a ‘redteam’ or ‘pentesting’ tool?
S3 bucket perms?
Security Group policy fails
Some of the hardening policies for Security groups?
RDS?
Where are you speaking… BSLV? DefCon?
https://aws.amazon.com/whitepapers/aws-security-best-practices/
https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf
https://aws.amazon.com/whitepapers/
https://aws.amazon.com/blogs/security/how-to-enable-mfa-protection-on-your-aws-api-calls/
Slack
Patreon
Bsides Springfield
Join our #Slack Channel! Email us at bds.podcast@gmail.com
or DM us on Twitter @brakesec
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon
https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec
No comments:
Post a Comment