2018-024 - Pacu, a tool for pentesting AWS environments
Published July 11, 2018 | 55 min

    Ben Caudill @rhinosecurity

    Spencer Gietzen @spengietz

    Rhino Security - https://rhinosecuritylabs.com/blog/

    AWS escalation and mitigation blog - https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/

    What is the difference between this and something like Scout or Lynis?

    Is it a forensic or IR tool?

    How might offensive people use this tool? What is possible when you’re using this as a ‘redteam’ or ‘pentesting’ tool?

    S3 bucket perms?

    Security Group policy fails

    Some of the hardening policies for Security groups?

    RDS?

    Where are you speaking… BSLV? DefCon?


    https://aws.amazon.com/whitepapers/aws-security-best-practices/

    https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

    https://aws.amazon.com/whitepapers/

    https://aws.amazon.com/blogs/security/how-to-control-access-to-your-amazon-elasticsearch-service-domain/

    https://aws.amazon.com/blogs/security/how-to-enable-mfa-protection-on-your-aws-api-calls/


    Slack

    Patreon

    Bsides Springfield


    Join our #Slack Channel! Email us at bds.podcast@gmail.com

    or DM us on Twitter @brakesec

    #Spotify: https://brakesec.com/spotifyBDS

    #RSS: https://brakesec.com/BrakesecRSS

    #Youtube Channel:  http://www.youtube.com/c/BDSPodcast

    #iTunes Store Link: https://brakesec.com/BDSiTunes

    #Google Play Store: https://brakesec.com/BDS-GooglePlay

    Our main site:  https://brakesec.com/bdswebsite

    #iHeartRadio App:  https://brakesec.com/iHeartBrakesec

    #SoundCloud: https://brakesec.com/SoundcloudBrakesec

    Comments, Questions, Feedback: bds.podcast@gmail.com

    Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon: https://brakesec.com/BDSPatreon

    #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

    #Player.FM : https://brakesec.com/BDS-PlayerFM

    #Stitcher Network: https://brakesec.com/BrakeSecStitcher

    #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
