
whip_lash : aws   83

nsriram/lambda-the-cli-way: AWS Lambda, using CLI. An introductory aws lambda cookbook for the serverless enthusiasts.
The objective of this tutorial is to understand AWS Lambda in-depth, beyond executing functions, using CLI. This tutorial walks through setting up AWS CLI, dependencies for AWS Lambda, getting your first Lambda function running, many of its important features & finally integrating with other AWS services.
aws  devops  lambda  cli  tutorial 
7 weeks ago by whip_lash
uswitch/kiam: Integrate AWS IAM with Kubernetes
kiam runs as an agent on each node in your Kubernetes cluster and allows cluster users to associate IAM roles to Pods.
aws  kubernetes  k8s  iam 
10 weeks ago by whip_lash
Overview - AWS Well-Architected Labs
This repository contains documentation and code in the format of hands-on labs to help you learn, measure, and build using architectural best practices. The labs are categorized into levels, where 100 is introductory, 200/300 is intermediate and 400 is advanced.
aws  security  labs 
11 weeks ago by whip_lash
Detecting Manual AWS Console Actions
In this post I’ll describe a set of AWS CloudTrail alerting rules that let you detect when someone makes a manual change in your AWS Console. This has been one of the highest signal / lowest noise alerts we created in our organization - it lets us know when engineers do things like manually adding new security group ingress rules through the AWS Console.
aws  devops  security  alerting  cloudtrail 
november 2019 by whip_lash
WeirdAAL (AWS Attack Library) Basics from the Authors - The Ethical Hacker Network
WeirdAAL has two goals related to the AWS keys you find, procure, or need to test. First, answer the “what can I do with this AWS key pair” from a blackbox perspective. Secondly, be a repository of useful functions, both offensive and defensive, to interact with AWS Services. This article is meant to be a basic tutorial to get you started.
aws  pentest  weirdaal  tool  python 
september 2019 by whip_lash
Rotating AWS IAM Keys — Finally Made Easy and Automated
I determined that the only secure, easy, and automated solution was to use a script on the client machine.
aws  iam 
september 2019 by whip_lash
A list of IAM permissions you can use in policy documents. Collected from the myriad of places Amazon hides them. (incomplete)
iam  aws 
september 2019 by whip_lash
A Minimum Viable CloudFormation Template - Adam Johnson
Sometimes when testing CloudFormation features I need a minimum viable template to try that feature with.
cloudformation  aws 
august 2019 by whip_lash
hehnope/slurp: Evaluate the security of S3 buckets
Credit to all the vendor packages that made this tool possible.
This is a security tool; it's meant for pen-testers and security professionals to perform audits of s3 buckets.
aws  s3  pentest 
august 2019 by whip_lash
Voulnet/barq: barq: The AWS Cloud Post Exploitation framework!
barq is a post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure. It allows you to attack running EC2 instances without having the original instance SSH keypairs. It also allows you to perform enumeration and extraction of stored Secrets and Parameters in AWS.
aws  pentest  pentesting 
august 2019 by whip_lash
Netflix Information Security: Preventing Credential Compromise in AWS
Today, we would like to share two additional layers of security: API enforcement and metadata protection. These layers can be used to help prevent credential compromise in your environment.
aws  security 
july 2019 by whip_lash
cloud-custodian/cloud-custodian: Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Custodian can be used to manage AWS, Azure, and GCP environments by ensuring real time compliance to security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management.

Custodian policies are written in simple YAML configuration files that enable users to specify policies on a resource type (EC2, ASG, Redshift, CosmosDB, PubSub Topic) and are constructed from a vocabulary of filters and actions.

It integrates with the cloud native serverless capabilities of each provider to provide for real time enforcement of policies with built-in provisioning. Or it can be run as a simple cron job on a server to execute against large existing fleets.
aws  gcp  cloud  compliance  security 
july 2019 by whip_lash
RiotGames/cloud-inquisitor: Enforce ownership and data security within AWS
Cloud Inquisitor can be used to improve the security posture of your AWS footprint through:

monitoring AWS objects for ownership attribution, notifying account owners of unowned objects, and subsequently removing unowned AWS objects if ownership is not resolved.
detecting domain hijacking.
verifying security services such as Cloudtrail and VPC Flowlogs.
managing IAM policies across multiple accounts.
aws  security 
july 2019 by whip_lash
Netflix/repokid: AWS Least Privilege for Distributed, High-Velocity Deployment
Repokid uses Access Advisor provided by Aardvark to remove permissions granting access to unused services from the inline policies of IAM roles in an AWS account.
aws  security  iam 
july 2019 by whip_lash
StreamAlert — streamalert 2.2.0 documentation
StreamAlert is a serverless, real-time data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using data sources and alerting logic you define. Computer security teams use StreamAlert to scan terabytes of log data every day for incident detection and response.
Overview

Incoming log data is classified and scanned by the StreamAlert rules engine running in your AWS account. Rule matches are reported to one or more alert outputs:
aws  security  dfir 
july 2019 by whip_lash
A Tale of Two Buckets: Investigating Multi-Account IAM Issues in S3 and CloudFront - Thence Consulting
Fortunately, OAI has a hack, an S3CanonicalUserId property, which you can (only) find via an API call like the one below.
aws  iam  s3  cloudfront  lambda 
july 2019 by whip_lash
CloudGoat 2 Walkthrough - Part One
I’ve previously written a walkthrough of the original CloudGoat deployment tool, and as before I’ll be demonstrating some common attack vectors, as well as showing how you can help defend your AWS environments against these kinds of attacks.
aws  pentest  ctf 
july 2019 by whip_lash
CloudGoat 2 Walkthrough - Part Five
This is the final part of a five part series exploring CloudGoat 2, a “vulnerable by design” AWS deployment tool from Rhino Security Labs, which is a great resource for learning about performing pen tests on AWS environments and, by proxy, defending your own accounts from the same issues.
aws  cloud  cloudgoat  ctf 
july 2019 by whip_lash
GitHub - toniblyx/my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Favorite tweet:

A Huge List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc. https://t.co/mlF1Crm7Jq

— Emad Shanab (@Alra3ees) June 29, 2019
pentest  aws  security  tools 
june 2019 by whip_lash
Security Incident: Be Prepared – Memory Dumps | We Are Cloudar
In this blog post, I’d like to focus on some of the first steps you might take in your investigation:

Building a forensics workstation and taking a memory dump of a compromised instance.
Preparation steps and tools, both for Windows and Linux.
The forensics investigation process.
An investigation of a real memory dump.
aws  forensics  dfir 
june 2019 by whip_lash
Projects on Amazon Web Services (AWS)
Step-by-step guides to help you build and launch your AWS workload
aws  learning  tutorials 
june 2019 by whip_lash
Productionproofing EKS – Glia Tech – Medium
We recently migrated SaleMove infrastructure from self-managed Kubernetes clusters running on AWS to using Amazon Elastic Container Service for Kubernetes (EKS). There were many surprises along the way to getting our EKS setup ready for production. This post covers some of these gotchas (others may already be fixed or are not likely to be relevant for a larger crowd) and is meant to be used as a reference when thinking of running EKS in production.
aws  devops  kubernetes  sre  eks 
june 2019 by whip_lash
awless.io, a mighty CLI for AWS – Henri – Medium
awless.io is an alternative CLI for AWS that values simplicity over exhaustivity. It aims to perform 90 percent of tasks much more easily by changing the definitions of commands.

awless.io is not just a “front-end” to aws-cli. It is a new CLI implemented in Go using the official AWS Go SDK.
amazon  aws  cli 
june 2019 by whip_lash
Serverless Microservice Patterns for AWS - Jeremy Daly
I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.
architecture  aws  cloud  lambda  serverless  microservices 
june 2019 by whip_lash
AWS SSM is a trojan horse: fix it now! | cloudonaut
You have to be very careful about the following permissions, which can be used to execute a command on an EC2 instance via the SSM agent.
aws  security 
june 2019 by whip_lash
AWS Policy Generator
The AWS Policy Generator is a tool that enables you to create policies that control access to Amazon Web Services (AWS) products and resources. For more information about creating policies, see key concepts in Using AWS Identity and Access Management. Here are sample policies.
aws  policy  tool  security 
june 2019 by whip_lash
We Turned Off AWS Config - DZone Cloud
For the five AWS accounts on which we’ve enabled Config, the service is costing us over $3,300 per month, or around $40,000 a year.
aws 
june 2019 by whip_lash
CloudCopy — Stealing hashes from Domain Controllers in the Cloud
CloudCopy is an attack I developed for performing the Shadow Copy abuse within AWS. What sets this apart from the original attack, other than being in the cloud, is that it requires far lower permissions to execute and does not require any commands to be run against the target instance. If an attacker possesses the CreateSnapshot and ModifySnapshotAttribute permissions, they can create a snapshot of a running instance, mount it to a separate attacker controlled instance, and browse its contents without authentication.
aws  pentest 
june 2019 by whip_lash
Why AWS access and secret keys should not be in the codebase - Advanced Web Machinery
Where keys should come from

In short: the environment. Environment variables are precisely for this scenario, and they can be different for production/staging/development.
aws  authentication 
june 2019 by whip_lash
AWS Elastic Beanstalk – Deploy Web Applications
You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time.

There is no additional charge for Elastic Beanstalk - you pay only for the AWS resources needed to store and run your applications.
aws  cloud  infrastructure  beanstalk 
may 2019 by whip_lash
AWS Fargate - Run containers without having to manage servers or clusters
AWS Fargate seamlessly integrates with Amazon ECS. You just define your application as you do for Amazon ECS. You package your application into task definitions, specify the CPU and memory needed, define the networking and IAM policies that each container needs, and upload everything to Amazon ECS. After everything is set up, AWS Fargate launches and manages your containers for you.
aws  cloud  containers  docker 
may 2019 by whip_lash
TryHackMe | awspentesting
This room will look at how to carry out penetration testing in the AWS Cloud Environment.
aws  pentest  cloud  security 
may 2019 by whip_lash
GitHub - Netflix/bless: Repository for BLESS, an SSH Certificate Authority that runs as an AWS Lambda function
BLESS is an SSH Certificate Authority that runs as an AWS Lambda function and is used to sign SSH public keys.

SSH Certificates are an excellent way to authorize users to access a particular SSH host, as they can be restricted for a single use case, and can be short lived. Instead of managing the authorized_keys of a host, or controlling who has access to SSH Private Keys, hosts just need to be configured to trust an SSH CA.
aws  lambda  ssh  netflix  authentication 
may 2019 by whip_lash
AWS IAM Exploitation – Security Risk Advisors
Favorite tweet:

Great primer on AWS IAM Exploitation https://t.co/LdnsxnJxAJ

— Lares (@Lares_) April 30, 2019
aws  security  iam  pentest 
may 2019 by whip_lash
New – AWS Systems Manager Session Manager for Shell Access to EC2 Instances | AWS News Blog
Today we are adding a new option for shell-level access. The new Session Manager makes the AWS Systems Manager even more powerful. You can now use a new browser-based interactive shell and a command-line interface (CLI) to manage your Windows and Linux instances.
aws  cloud  shell 
april 2019 by whip_lash
AWS Risk Model
An expert forecasting session recorded the judgements of these experts for each AWS configuration. These are then transformed into a statistical model representing their beliefs as an entire panel.
aws  risk  InfoSec  cloud 
april 2019 by whip_lash
A deep dive into the AWS network – Txens
While how to implement your network within AWS is well documented, the AWS network itself is not documented at all, and we have to merge several sources of information to get a good overview of its design. That’s what this blog post is about.
aws  cloud  networking 
january 2019 by whip_lash
AWS Documentation
Find user guides, developer guides, API references, tutorials, and more.
aws  documentation 
december 2018 by whip_lash
flAWS2.cloud
flAWS 2 has two paths this time: Attacker and Defender! In the Attacker path, you'll exploit your way through misconfigurations in serverless (Lambda) and containers (ECS Fargate). In the Defender path, that target is now viewed as the victim and you'll work as an incident responder for that same app, understanding how an attack happened. You'll get access to logs of a previous successful attack. As a Defender you'll learn the power of jq in analyzing logs, and instructions on how to set up Athena in your own environment.
aws  security  pentest  pentesting  ctf  tutorial 
december 2018 by whip_lash
SANS Institute: Reading Room - Cloud Computing
Companies using AWS (Amazon Web Services) will find that traditional means of full packet capture using span ports is not possible. As defined in the AWS Service Level Agreement, Amazon runs certain aspects of the cloud platform and does not give customers access to physical networking hardware. Although access to physical network equipment is limited, packet capture is still possible on AWS but needs to be architected in a different way.
aws  networking  security 
november 2018 by whip_lash
AWS Lambda + Serverless Framework + Python — A Step By Step Tutorial — Part 1 “Hello World”
I am creating a series of blog posts to help you develop, deploy and run (mostly) Python applications on AWS Lambda using Serverless Framework.
aws  python  lambda  serverless 
september 2018 by whip_lash
UsefulScripts/UpdateCloudIPs.py at master · chrismaddalena/UsefulScripts · GitHub
This script performs the necessary actions for collecting the latest IP addresses used by Amazon Web Services, Google Compute, and Microsoft Azure. At the end, all IP addresses are output to a CloudIPs.txt file. Each range is printed on a new line following a header naming the provider. As discussed at https://posts.specterops.io/head-in-the-clouds-bd038bb69e48?gi=c33a4e051d6b
aws  azure  github  cloud 
september 2018 by whip_lash
A practical look at basic AWS Networking with Terraform | OpsTips
A conventional AWS Networking Tutorial out there using Terraform doesn't go around the concepts of AWS Networking. Check out how to provision an AWS VPC with multiple subnets and configure security groups using Terraform.
aws  networking  terraform 
july 2018 by whip_lash
Netflix/security_monkey: Security Monkey
Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. Support is available for OpenStack public and private clouds. Security Monkey can also watch and monitor your GitHub organizations, teams, and repositories.
aws  devops  github  monitoring  security 
july 2018 by whip_lash
Cyberduck | Libre server and cloud storage browser for Mac and Windows with support for FTP, SFTP, WebDAV, Amazon S3, OpenStack Swift, Backblaze B2, Microsoft Azure & OneDrive, Google Drive and Dropbox
Cyberduck is a libre server and cloud storage browser for Mac and Windows with support for FTP, SFTP, WebDAV, Amazon S3, OpenStack Swift, Backblaze B2, Microsoft Azure & OneDrive, Google Drive and Dropbox.
aws  cloud  storage  s3  tool 
july 2018 by whip_lash
Hosting a Static Website on Amazon S3 - Amazon Simple Storage Service
You can host a static website on Amazon Simple Storage Service (Amazon S3). On a static website, individual webpages include static content. They might also contain client-side scripts. By contrast, a dynamic website relies on server-side processing, including server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting. Amazon Web Services (AWS) also has resources for hosting dynamic websites. To learn more about website hosting on AWS, go to Websites and Website Hosting.
amazon  aws  s3  hosting 
july 2018 by whip_lash
An Introduction to Terraform – Gruntwork
Learn the basics of Terraform in this step-by-step tutorial of how to deploy a cluster of web servers and a load balancer on AWS
automation  aws  terraform  tutorial 
july 2018 by whip_lash
open-guides/og-aws: 📙 Amazon Web Services — a practical guide
This guide is by and for engineers who use AWS. It aims to be a useful, living reference that consolidates links, tips, gotchas, and best practices. It arose from discussion and editing over beers by several engineers who have used AWS extensively.
amazon  aws  cloud  github  guide 
july 2018 by whip_lash
Hiding Secrets in Terraform
Unfortunately, in order to set up most of these services you need usernames and passwords to be set - and since you can potentially change these passwords via Terraform, it stands to reason that Terraform is going to need to be able to compare your old credentials with possible new ones.

To facilitate this it stores all settings, including usernames, passwords, port numbers and literally everything else in these tfstate files, in plain text.

This wasn’t something I’d have expected as the default behaviour. The documentation does suggest that you use a thing called Remote State (more on that later).
terraform  cloud  aws  passwords 
july 2018 by whip_lash
How we built Hamiltix.net for less than $1 a month on AWS | Bad Sector Labs Blog
Normally, the first step for this kind of project is to start up a Linux server, but serverless computing is on the rise. We've never dealt with Lambda or any other "serverless" technology before, so let's give it a shot.
architecture  aws  software  web 
march 2018 by whip_lash
Tutorial: Implementing a DDoS-resistant Website Using AWS Services - AWS WAF and AWS Shield Advanced
This tutorial shows you how to use several AWS services together to build a resilient, highly secure website.
aws  webapp  webdesign  webdev  website 
november 2017 by whip_lash