2018-024- Pacu, a tool for pentesting AWS environments

55:20

Ben Caudill @rhinosecurity

Spencer Gietzen @spengietz

Rhino Security - https://rhinosecuritylabs.com/blog/

AWS escalation and mitigation blog - https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/

What is the difference between this and something like Scout or Lynis?

Is it a forensic or IR tool?

How might offensive people use this tool? What is possible when you’re using this as a ‘redteam’ or ‘pentesting’ tool?

S3 bucket perms?

Security Group policy fails

Some of the hardening policies for Security groups?

RDS?

Where are you speaking… BSLV? DefCon?

https://aws.amazon.com/whitepapers/aws-security-best-practices/

https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

https://aws.amazon.com/whitepapers/

https://aws.amazon.com/blogs/security/how-to-control-access-to-your-amazon-elasticsearch-service-domain/

https://aws.amazon.com/blogs/security/how-to-enable-mfa-protection-on-your-aws-api-calls/

Slack

Patreon

Bsides Springfield

Join our #Slack Channel! Email us at bds.podcast@gmail.com

or DM us on Twitter @brakesec

#Spotify: https://brakesec.com/spotifyBDS

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel: http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site: https://brakesec.com/bdswebsite

#iHeartRadio App: https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec
