This document discusses security tools and techniques for exploiting and detecting issues related to Amazon Web Services (AWS) S3 buckets. It introduces tools like Bucket Finder and DNS Recon that can be used to find exposed or misconfigured S3 buckets. It then covers access controls and policies that govern access to S3 buckets. Finally, it outlines several approaches for detecting public or misconfigured S3 objects using services like AWS Config, CloudTrail, Lambda functions, and CloudWatch rules to monitor for changes and automatically remediate issues.
2. $whoami
@adityabalapure
● aka Adi
● Security Engineer @ Grubhub
● Builder, Breaker, Fixer, author, speaker
● I love crypto, malware, the web and CVEs
● Tweet Tweet: @adityabalapure
4. Tools of the trade - Exploitation
● Bucket Finder
● DNS Recon
● Website Spidering
● Sandcastle
● AWSBucketDump
● teh_s3_bucketeers
5. Access 101
● IAM Policies
● Bucket Policies
● Access Control Lists (ACL)
● Static Website Hosting
6. I will find you and I will fix you! - Detection
● Boto works phenomenally for automating detection scanning for S3 objects/buckets
● AWS Config
● CloudTrail/CloudWatch
● AWS Trusted Advisor (paid)
● Security Monkey AWS Config Capture
Boto Scanning
7. I will find you and I will fix you! - Detection
CloudWatch logs detecting the ACL Change
8. I will find you and I will fix you! - Detection
● CloudWatch Rule Event Pattern
9. I will find you and I will fix you! - Detection
● CloudWatch Rules + Simple Notification Service (SNS) Rocks!
10. Lambda's Great! - Detect & Fix
● Lambda constantly monitors CloudWatch events for PutObjectAcl API calls and fixes the "public" object permission automatically as soon as it is triggered
CloudWatch Rule triggering our Lambda Function
Lambda Function logs of objects being fixed automatically that were found to be public
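The detect-and-fix flow from this slide, as an added example that is not the deck's own code: a Lambda-style handler that receives a CloudTrail PutObjectAcl event via a CloudWatch rule, checks whether the new ACL grants access to the AllUsers or AuthenticatedUsers groups, and resets the object to private. The rule event pattern, the event layout under `detail.requestParameters`, and the injectable `s3` parameter are assumptions; verify the field names against your own CloudTrail records before deploying.

```python
import json

# Grantee group URIs that make an object readable by anyone / any AWS account
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PUBLIC_CANNED_ACLS = {"public-read", "public-read-write", "authenticated-read"}

# CloudWatch rule event pattern that routes PutObjectAcl calls to the Lambda (assumed shape)
RULE_EVENT_PATTERN = {
    "source": ["aws.s3"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["s3.amazonaws.com"], "eventName": ["PutObjectAcl"]},
}

def is_public_acl_change(detail):
    """True if the PutObjectAcl request used a public canned ACL or a public group grant."""
    params = detail.get("requestParameters", {})
    canned = params.get("x-amz-acl", [])
    if isinstance(canned, str):
        canned = [canned]
    if any(c in PUBLIC_CANNED_ACLS for c in canned):
        return True
    grants = params.get("AccessControlPolicy", {}).get("AccessControlList", {}).get("Grant", [])
    if isinstance(grants, dict):  # a single grant may be flattened to a dict
        grants = [grants]
    return any(g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES for g in grants)

def handler(event, context=None, s3=None):
    """Lambda entry point. `s3` is a hypothetical injection point so tests run offline."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "PutObjectAcl":
        return {"action": "ignored"}
    bucket = detail["requestParameters"]["bucketName"]
    key = detail["requestParameters"]["key"]
    if not is_public_acl_change(detail):
        return {"action": "ok", "bucket": bucket, "key": key}
    if s3 is None:
        import boto3  # only needed inside Lambda; the offline test injects a fake client
        s3 = boto3.client("s3")
    s3.put_object_acl(Bucket=bucket, Key=key, ACL="private")  # remediate: back to private
    result = {"action": "fixed", "bucket": bucket, "key": key}
    print(json.dumps(result))  # shows up in the Lambda's CloudWatch log stream
    return result
```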
11. I will find you and I will fix you! - Detection
● S3 Bucket Event Notifications