TL;DR
Cloud security is the practice of keeping cloud resources, identities, and data from being abused by attackers who reach your environment. Most cloud compromises today follow a small set of repeating patterns: an exposed credential or token, a permission that was broader than it needed to be, a storage bucket that was readable when it should not have been, or a metadata endpoint that handed out temporary access keys to anyone who asked.
By Shubham Khandare, Delivery Manager, SecureLayer7Updated
Topics
- AWS Penetration Testing: Scope and Methodology: what a cloud pentest covers, where the AWS Acceptable Use Policy starts and ends, and what changes when the target is fully on AWS.
- What is the IMDSv1 Attack?: the EC2 instance metadata service, why version 1 was the trigger for the largest cloud breach on record, and what IMDSv2 fixes.
- S3 Bucket Misconfigurations: What Goes Wrong and How to Find It: public buckets, world-writable ACLs, signed-URL leaks, replication misconfigurations.
- AWS IAM Privilege Escalation: Common Attack Paths: the moves that turn a low-privilege role into administrator. PassRole, iam:CreatePolicy, lambda:UpdateFunctionCode, and friends.
- What is Kubernetes Penetration Testing?: what changes when the target is a Kubernetes cluster instead of a fleet of VMs.
References
- [1]AWS Penetration Testing Policy(AWS)
- [2]CIS AWS Foundations Benchmark(CIS)
- [3]MITRE ATT&CK for Cloud(MITRE)
Related terms