Thoughts

  • offer some training opportunities
  • follow up with Hemed and Mickey
  • attack crypto frameworks

Notes

DPAPI

  • @paulacqure
  • personal story
  • limited set of crypto to use, probably one of these
  • animated walkthrough of concepts
  • use of 3DES in chrome password store, password length?

whoami /priv

  • Andrea Pierini
  • @decoder_it

AWS Workshop

  • @Rzepsky

  • public access through ACL - should be deprecated soon

  • encrypt your snapshots

  • lazys3 enumerates possible S3 bucket names

  • ransomware in cloud (without versioning)

  • logs from cloudwatch take 10-15m

  • KMS is quicker than the logs

  • you can copy snapshots to volumes, and then mount them

  • hidden info in a .git and previous commits

  • “oops, forgot to remove keys”

  • looking for files with high entropy

  • budget running away - used public access to run the highest CPU for crypto mining

  • pacu cloud attacking framework

  • allowing security roles with * and adding too much

  • AWS has something called User Data, which runs a bash script on startup; it should only be used once, on instance create - you can add #cloud-boothook and cause it to run on every restart

  • you can upload new permissions and just set them as default (internal issue: they allow uploading a policy that has roles that are out of scope for the role setting it as default)

  • there is an issue of figuring out what each role does; in the end everyone gets admin access

  • murder by amazon - account takeover, including backups, removed the entire company

  • rotation of old keys is encouraged, but the date of last change (and alerts) only refers to the older key created

  • provide an additional training session - workshop as a promo

GPS

  • pretty good talk
  • comm with servers in china
  • darkmatter

OSINT

  • a lot of tools, need to review