Wednesday, July 11, 2018

2018-024 - Pacu, a tool for pentesting AWS environments


Ben Caudill @rhinosecurity

Spencer Gietzen @spengietz

 

Rhino Security - https://rhinosecuritylabs.com/blog/

 

AWS escalation and mitigation blog - https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/

 

What is the difference between this and something like Scout or Lynis?

 

Is it a forensic or IR tool?

 

How might offensive people use this tool? What is possible when you’re using this as a ‘redteam’ or ‘pentesting’ tool?

 

S3 bucket perms?

 

Security Group policy fails

 

Some of the hardening policies for Security groups?

RDS?

 

Where are you speaking… BSLV? DefCon?


https://aws.amazon.com/whitepapers/aws-security-best-practices/

 

https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

 

https://aws.amazon.com/whitepapers/

 

https://aws.amazon.com/blogs/security/how-to-control-access-to-your-amazon-elasticsearch-service-domain/

 

https://aws.amazon.com/blogs/security/how-to-enable-mfa-protection-on-your-aws-api-calls/


Slack

Patreon

Bsides Springfield

 

Join our #Slack Channel! Email us at bds.podcast@gmail.com

or DM us on Twitter @brakesec

#Spotify: https://brakesec.com/spotifyBDS

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon: https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec


Here is a new episode of Brakeing Down Security Podcast!
