Rob Ragan and Oscar Salazar Present at ACoD 2020
- Date: Past Event
- Location: Trinity Hall 311 E 5th St, Austin, Texas 78701
Bishop Fox's Principal Researcher Rob Ragan and Principal Security Associate Oscar Salazar recently presented at Art into Science (ACoD). See details on their talk below.
Expose Yourself: Without Insecurity
Download the presentation
How do you find out what's on the internet in your cloud environments?
Smog Cloud
Find cloud assets that no one wants exposed
AWS Patterns
These are the patterns of exposure URIs that you may find in your AWS accounts:
| Service | Exposure URI pattern |
|---|---|
| s3 | https://{user_provided}.s3.amazonaws.com |
| cloudfront | https://{random_id}.cloudfront.net |
| ec2 | ec2-{ip-separated}.compute-1.amazonaws.com |
| es | https://{user_provided}-{random_id}.{region}.es.amazonaws.com |
| elb | http://{user_provided}-{random_id}.{region}.elb.amazonaws.com:80<br>https://{user_provided}-{random_id}.{region}.elb.amazonaws.com:443 |
| elbv2 | https://{user_provided}-{random_id}.{region}.elb.amazonaws.com |
| rds | mysql://{user_provided}.{random_id}.{region}.rds.amazonaws.com:3306<br>postgres://{user_provided}.{random_id}.{region}.rds.amazonaws.com:5432 |
| route 53 | {user_provided} |
| execute-api | https://{random_id}.execute-api.{region}.amazonaws.com/{user_provided} |
| cloudsearch | https://doc-{user_provided}-{random_id}.{region}.cloudsearch.amazonaws.com |
| transfer | sftp://s-{random_id}.server.transfer.{region}.amazonaws.com |
| iot | mqtt://{random_id}.iot.{region}.amazonaws.com:8883<br>https://{random_id}.iot.{region}.amazonaws.com:8443<br>https://{random_id}.iot.{region}.amazonaws.com:443 |
| mq | https://b-{random_id}-{1,2}.mq.{region}.amazonaws.com:8162<br>ssl://b-{random_id}-{1,2}.mq.{region}.amazonaws.com:61617 |
| kafka | b-{1,2,3,4}.{user_provided}.{random_id}.c{1,2}.kafka.{region}.amazonaws.com<br>{user_provided}.{random_id}.c{1,2}.kafka.useast-1.amazonaws.com |
| cloud9 | https://{random_id}.vfs.cloud9.{region}.amazonaws.com |
| mediastore | https://{random_id}.data.mediastore.{region}.amazonaws.com |
| kinesisvideo | https://{random_id}.kinesisvideo.{region}.amazonaws.com |
| mediaconvert | https://{random_id}.mediaconvert.{region}.amazonaws.com |
| mediapackage | https://{random_id}.mediapackage.{region}.amazonaws.com/in/v1/{random_id}/channel |
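As an added example (not code from the talk or from Smog Cloud), the table above turned into a small classifier: each service's exposure-URI pattern becomes a regex, and candidate hostnames or URIs (say, pulled from DNS, proxy or TLS logs) are bucketed by the AWS service they belong to, so an inventory of internet-facing endpoints can be built and diffed over time. It assumes {user_provided} and {random_id} are single DNS labels, {region} looks like us-east-1, and elb/elbv2 share one host form; the sample URIs are constructed.

```python
import re
# Added example (not from the talk or Smog Cloud): the AWS exposure-URI patterns
# from the table above as regexes. Assumptions: {user_provided} and {random_id}
# are DNS labels, {region} looks like us-east-1, and elb/elbv2 share one host form.
NAME = r"(?P<name>[a-z0-9-]+)"
RID = r"(?P<rid>[a-z0-9-]+)"
REGION = r"(?P<region>[a-z]{2}-[a-z]+-\d)"
PORT = r"(?::\d{1,5})?"
AWS = r"\.amazonaws\.com"
AWS_PATTERNS = {
    "s3": r"^(?:https?://)?(?P<name>[a-z0-9.-]+)\.s3" + AWS + "$",
    "cloudfront": rf"^(?:https?://)?{RID}\.cloudfront\.net$",
    "ec2": r"^ec2(?:-\d{1,3}){4}\.compute-1" + AWS + "$",
    "es": rf"^(?:https://)?{NAME}-{RID}\.{REGION}\.es{AWS}$",
    "elb": rf"^(?:https?://)?{NAME}-{RID}\.{REGION}\.elb{AWS}{PORT}$",
    "rds": rf"^(?:mysql|postgres)://{NAME}\.{RID}\.{REGION}\.rds{AWS}{PORT}$",
    "execute-api": rf"^https://{RID}\.execute-api\.{REGION}{AWS}(?:/(?P<name>[^/]+))?$",
    "cloudsearch": rf"^https://doc-{NAME}-{RID}\.{REGION}\.cloudsearch{AWS}$",
    "transfer": rf"^sftp://s-{RID}\.server\.transfer\.{REGION}{AWS}$",
    "iot": rf"^(?:mqtt|https)://{RID}\.iot\.{REGION}{AWS}{PORT}$",
    "mq": rf"^(?:https|ssl)://b-{RID}-[12]\.mq\.{REGION}{AWS}{PORT}$",
    "kafka": rf"^(?:b-[1-4]\.)?{NAME}\.{RID}\.c[12]\.kafka\.{REGION}{AWS}$",
    "cloud9": rf"^https://{RID}\.vfs\.cloud9\.{REGION}{AWS}$",
    "mediastore": rf"^https://{RID}\.data\.mediastore\.{REGION}{AWS}$",
    "kinesisvideo": rf"^https://{RID}\.kinesisvideo\.{REGION}{AWS}$",
    "mediaconvert": rf"^https://{RID}\.mediaconvert\.{REGION}{AWS}$",
    "mediapackage": rf"^https://{RID}\.mediapackage\.{REGION}{AWS}/in/v1/[a-z0-9]+/channel$",
}
COMPILED = {svc: re.compile(rx, re.IGNORECASE) for svc, rx in AWS_PATTERNS.items()}

def classify(uri):
    """Return (service, region, user_provided_name) for a URI matching a pattern, else None."""
    for svc, rx in COMPILED.items():
        m = rx.match(uri.strip())
        if m:
            g = m.groupdict()  # groups absent from a pattern come back as None
            return svc, g.get("region"), g.get("name")
    return None

def inventory(uris):
    """Bucket candidate URIs by matched service; non-matches land under 'unknown'."""
    buckets = {}
    for u in uris:
        hit = classify(u)
        buckets.setdefault(hit[0] if hit else "unknown", []).append(u)
    return buckets

# Constructed sample input (not real assets), e.g. hostnames pulled from DNS or proxy logs.
SAMPLE_URIS = ["https://acme-backups.s3.amazonaws.com", "ec2-54-12-34-56.compute-1.amazonaws.com",
               "mysql://prod-db.c9akciq32abc.us-east-1.rds.amazonaws.com:3306",
               "https://a1b2c3d4e5.execute-api.eu-west-2.amazonaws.com/prod", "https://intranet.corp.example"]
print(inventory(SAMPLE_URIS))
```

Anything that lands in the "unknown" bucket is either not an AWS endpoint of these kinds or a pattern the table does not cover yet, which is the list worth reviewing by hand.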
ACoD Presentation Abstract:
Right now, at the click of a button, can you answer the question “What in my cloud environments is internet-facing?”
For most security teams the answer to this question would be a sigh and then “No.” We know that complexity is the enemy of security. We also know a comprehensive asset inventory is step one to any security program. How can we practically make the dynamic changes occurring in every cloud account easier to monitor for unnecessary exposures?
In this presentation we will look at the most pragmatic ways to continuously monitor your cloud environments and operationalize that information to identify vulnerabilities, from the AWS Provable Security Model and Access Analyzer to customized automation, and review the state of the art with the major cloud providers.