
JAWS PANKRATION 2024


Threats and countermeasures in AWS environments from an Attacker's perspective

Lv200


8/24/2024 22:20 (UTC)

Session Info

In this presentation, I will introduce the approach and purpose of attacks on a company's AWS environment from an attacker's perspective, considering the attacker's thinking from two angles: external intrusion and internal intrusion.

In particular, I will introduce the thought process and intrusion process from an offensive perspective.

Along with this, I will introduce security measures and awareness that will be useful to developers and operators.

Yuta Morioka

- AWS Community Builders -



Session Category
Security
Identity and compliance


AWS Services
IAM
EC2
Lambda
S3
RDS
DynamoDB
EBS


Session Summary (by Amazon Bedrock)
The speaker, Yuta Morioka, a first-year graduate and AWS Community Builder, discusses threats and countermeasures in AWS environments from an attacker's perspective. He identifies two main causes of cloud environment threats: incorrect settings and vulnerable usage.

Attackers typically have three primary goals:

1. Obtaining confidential information
2. Misusing resources
3. Causing business impact

The initial objective for attackers is often to acquire credentials or API authentication information. The speaker introduces the MITRE ATT&CK framework, which outlines 11 steps in the attack lifecycle for cloud environments.

Three main initial targets for attackers are:

1. Vulnerabilities in company-provided services
2. Phishing or malware attacks on employees
3. Attacks on related or partner companies

The speaker discusses web application vulnerabilities, such as server-side request forgery (SSRF) and local file inclusion (LFI), which can be exploited to access internal resources or environment variables. He emphasizes the importance of understanding the attacker's perspective when developing security strategies. This includes identifying sensitive information, considering both internal and external threats, and implementing appropriate countermeasures.

The presentation concludes by stressing the significance of recognizing attackers' motivations and goals, which typically involve obtaining confidential information, misusing AWS resources, or causing negative business impacts. The speaker recommends approaching security from multiple angles, including vulnerabilities in services, employee-targeted attacks, and potential risks from partner companies.

©JAWS-UG (AWS User Group - Japan). All rights reserved.