Thoughts
- offer some training opportunities
- follow up with Hemed and Mickey
- attack crypto frameworks
Notes
DPAPI
- @paulacqure
- personal story
- limited set of crypto to use, probably one of these
- animated walkthrough of concepts
- use of 3DES in chrome password store, password length?
whoami /priv
- Andrea Pierini
- @decoder_it
AWS Workshop
- @Rzepsky
- public access through ACL - should be deprecated soon
- encrypt your snapshots
- lazys3 enumerates possible S3 bucket names
- ransomware in cloud (without versioning)
- logs from CloudWatch take 10-15m
- KMS is quicker than the logs
- you can copy snapshots to volumes, and then mount them
- hidden info in a .git and previous commits
- “oops, forgot to remove keys”
- looking for files with high entropy
- budget running away - used public access to run the highest CPU for crypto mining
- pacu cloud attacking framework
- allowing security roles with * and adding too much
- AWS has something called User Data which runs a bash script on user startup; it should only be used once on instance create - you can add #cloud-boothook and cause it to run on every restart
- you can upload new permissions and just set them as default (internal issue when they allow uploading a policy that has roles that are out of scope for the role setting it as default)
- there is an issue of figuring out what each role does; in the end everyone gets admin access
- murder by Amazon - account takeover including backup removed the entire company
- rotation of old keys is encouraged, but the date of last change (and alerts) only refers to the older key created
- provide an additional training session - workshop as a promo
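
Added example (not from the workshop): a pre-commit style check for the ".git / previous commits", "forgot to remove keys" and "high entropy" notes above. It flags long tokens whose Shannon entropy is above a threshold. The thresholds, regexes and sample text are assumptions; the key shown is the placeholder from AWS documentation, not a live credential.

```python
import math
import re
from collections import Counter

# Candidate secrets: runs of 20+ base64/base64url characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")

# Bits per character; assumed starting points, tune per repository.
BASE64_THRESHOLD = 4.5
HEX_THRESHOLD = 3.0

# Constructed sample shaped like `git log -p` output: a key is added,
# then "removed" in a later commit but still present in history.
SAMPLE = """\
commit 1111111 add deploy script
+aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+bucket_name = company-static-assets-production
commit 2222222 oops, forgot to remove keys
-aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""


def shannon_entropy(token: str) -> float:
    """Entropy of the token's character distribution, in bits per char."""
    counts = Counter(token)
    n = len(token)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str):
    """Return (line_number, token, entropy) for each suspicious token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for token in TOKEN_RE.findall(line):
            limit = HEX_THRESHOLD if HEX_RE.match(token) else BASE64_THRESHOLD
            h = shannon_entropy(token)
            if h >= limit:
                findings.append((lineno, token, round(h, 2)))
    return findings


if __name__ == "__main__":
    for lineno, token, h in scan_text(SAMPLE):
        # Print only a prefix so the scanner's own log does not leak the value.
        print(f"line {lineno}: {token[:4]}... entropy={h}")
```

Both the added and the removed line are reported, which is the point of scanning history and not just the working tree. Full 40-character commit hashes will also trip the hex threshold, so filter those out when feeding it real `git log -p` output.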
GPS
- pretty good talk
- comm with servers in china
- darkmatter
OSINT
- a lot of tools, need to review