SANSCloudSecuritySummit2018 icon indicating copy to clipboard operation
SANSCloudSecuritySummit2018 copied to clipboard

Published 20 hours ago verified publisher icon toniblyx

Metadata

Materials used and mentioned during my talk at SANS Cloud Security Summit 2018 in San Diego

Tools and code used during my talk at SANS Cloud Security Summit 2018 in San Diego

Forensics as a Service: IRDF in the Cloud

February 19th, 2018

Presentation in PPTX format

See file Forensics-as-a-Service-Toni-de-la-Fuente-SanDiego-2018.pptx in this repo. You can easier use all links in the References slide. All links are also below in this README.

Some commands used during my Demo

1- ./prowler -c forensics-ready

2- Incident Response aws_ir (Tools Instance):

Demo Video instance compromise

Demo Video key compromise

  • --target i-12345678901234 --user ubuntu --ssh-key ~/key-toplay.pem \
--plugins gather_host,snapshotdisks_host,tag_host,examineracl_host,get_memory,isolate_host,stop_host```
  • volatility -f IP-2017-02-23T02\:15\:48-mem.lime imageinfo
  • volatility -f IP-2017-02-23T02\:15\:48-mem.lime --profile=Ubuntu14043 linux_pslist
  • aws_ir key-compromise --access-key-id AKIAJTEST

4- Hardening template, SecurityMonkey

Demo Video

  • hardening template from here
  • run prowler (ssh to Tools Instance, aws-cli must be configured)
  • cd /opt/aws-cis-security-benchmark
  • ./prowler
  • show securitymonkey

All links and tools mentioned during the talk

  • https://github.com/dagrz/aws_pwn
  • Serverless Security https://www.rsaconference.com/writable/presentations/file_upload/asd-f01_serverless-security-are-you-ready-for-the-future.pdf
  • https://github.com/devsecops/lambhack
  • https://blyx.com/2016/03/11/forensics-in-aws-an-introduction/
  • https://blyx.com/2016/06/16/cloud-forensics-caine7-on-aws/
  • https://s3-us-west-2.amazonaws.com/threatresponse-static/us-16-Krug-Hardening-AWS-Environments-and-Automating-Incident-Response-for-AWS-Compromises-wp.pdf
  • https://aws.amazon.com/premiumsupport/trustedadvisor/
  • https://aws.amazon.com/cloudtrail/
  • https://azure.microsoft.com/en-us/resources/videos/azure-operational-insights-overview/
  • https://aws.amazon.com/cloudformation/
  • https://aws.amazon.com/config/
  • https://github.com/Alfresco/prowler
  • https://github.com/nccgroup/Scout2
  • https://github.com/Netflix/security_monkey
  • https://github.com/Netflix/edda
  • https://github.com/Netflix/Fido
  • https://github.com/capitalone/cloud-custodian
  • https://github.com/awslabs/aws-security-benchmark
  • https://github.com/cloudsploit
  • https://github.com/widdix/aws-cf-templates/tree/master/security#account-password-policy
  • https://github.com/jantman/awslimitchecker
  • https://blogs.msdn.microsoft.com/azuresecurity/2017/01/04/get-hands-on-experience-with-oms-security-with-oms-suite-experience-center/
  • https://github.com/spotify/gcp-audit
  • https://github.com/awslabs/git-secrets
  • https://wazuh.com
  • https://aws.amazon.com/macie/
  • https://github.com/andresriancho/nimbostratus
  • https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/log-analytics/log-analytics-overview.md
  • https://azure.microsoft.com/en-us/resources/videos/azure-operational-insights-overview/
  • https://github.com/mwrlabs/Azurite
  • https://github.com/azsdk/azsdk-docs
  • https://github.com/Azure/AzureStack-Tools
  • https://www.sans.org/reading-room/whitepapers/cloud/digital-forensic-analysis-amazon-linux-ec2-instances-38235

Metadata

22
Stars
10
Forks
Watchers

Owner

verified publisher icon toniblyx

Metadata

Materials used and mentioned during my talk at SANS Cloud Security Summit 2018 in San Diego

Back