SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns

Black Hat USA 2020 presentation looks at pragmatic ways to answer vital security questions in your AWS environment.

Download Resource

Presentation by Rob Ragan at Black Hat USA 2020

Do you know what's internet accessible in your AWS environments? The answer and methodology of how you arrive at the answer may be the difference between missing critical exposures and complete situational awareness.

Dynamic and ephemeral exposures are being created on an unprecedented level and your old generation of tools, techniques, and internet scanners can't find them.

In this presentation we look at the most pragmatic ways to continuously analyze your AWS environments and operationalize that information to answer vital security questions. Demonstrations include integration between IAM Access Analyzer, Tiros Reachability API, and Bishop Fox CAST Cloud Connectors, along with a new open source tool SmogCloud to find continuously changing AWS internet-facing services.

What's inside:

  1. Learn how to continuously maintain an inventory of AWS services and understand their internet-exposures.
  2. Discover how to leverage automation from AWS Access Analyzer and a freely available open source tool from Bishop Fox to operationalize exposure testing.
  3. See practical demonstrations of how engineering and security teams can determine impact of their security group configurations.
Rob Ragan

About the author, Rob Ragan

Principal Researcher

Rob Ragan is a Principal Researcher at Bishop Fox. Rob focuses on pragmatic solutions for clients and technology. He oversees strategy for continuous security automation. Rob has presented at Black Hat, DEF CON, and RSA. He is also a contributing author to Hacking Exposed Web Applications 3rd Edition. His writing has appeared in Dark Reading and he has been quoted in publications such as Wired.

Rob has more than a decade of security experience and once worked as a Software Engineer at Hewlett-Packard's Application Security Center. Rob was also with SPI Dynamics where he was a software engineer on the dynamic analysis engine for WebInspect and the static analysis engine for DevInspect.

More by Rob

Extend Your Knowledge

Check out these related resources.

Adversarial Controls Testing Datasheet preview with purple background.
Datasheet

Adversarial Controls Testing Datasheet

Learn how Adversarial Controls Testing uses an attack-based approach mapped to the MITRE ATT&CK framework to determine the effectiveness of your email/phishing, endpoint, and network security controls.

Learn More
2024 Q3 DIGITAL DS Cosmos Service Now Tile
Datasheet

Cosmos for ServiceNow Datasheet

Learn how to effortlessly sync validated exposures from the Cosmos portal into your ServiceNow environment to streamline vulnerability management and remediate dangerous exposures before attackers can exploit them.
Learn More
Mockup of Bishop Fox's Guide to DORA Threat-Led Pen Testing
Guide

FAQ Guide: Acquiring DORA Threat-Led Penetration Testing

Bishop Fox’s comprehensive DORA FAQ guide walks you through everything you need to know about fulfilling these critical requirements. This resource is a must-have for financial institutions looking to stay ahead of DORA’s complex compliance landscape.

Learn More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.