Cyber Defense Advisors

AWS Security

A compilation of stories written about AWS by Teri Radichel

There’s over 100 posts in this series which walks through implementing a secure AWS architecture with governance and not done…not going to repeat all these here so check out the links in the following post.

Automating Cybersecurity Metrics (ACM)

Temporary access to log into an AWS VM using an AWS IOT Button

IoT Security ~ AWS 1-Click Buttons

What is interesting about this particular post is that after publishing it, Azure implemented something called Just In Time access (JIT) on Azure with Privileged Access Management (PIM). You get limited access to a VM on Azure and when your time is up, access is shut off. Organizations can require people to request access prior to using it. Now this service is available in Azure for AWS EC2 instances (in preview at the time of this writing).

Why one of your favorite pentesting techniques doesn’t work on AWS

I was surprised just how popular this post has been over time. It was interesting to attend a presentation shortly after posting this at an event put on by an organization I work with. A copy of the diagram in this post was practically copied and put into the deck by the author. A different person was giving the talk with the slides and was surprised to see the slide and couldn’t explain it :-D. Please provide references and give credit when you lift other people’s content.

Why one of your favorite pen testing techniques doesn’t work on AWS

Amazon DocumentDB Network Access — Why the VPC?

I am continuously trying to explain network security to developers. I often feel like I haven’t done a good enough job because the topic keeps coming up but I’ll keep trying. This is one of those posts.

Amazon DocumentDB Network Access — Why the VPC?

Keys to AWS Success

Also you might be interested in this summary of Keys to AWS Success from Andy Jassy in a prior AWS re:Invent keynote.

Keys to AWS Success

SSH to an AWS EC2 Instance with a Chromebook

My nephew was helping me test my AWS security classes and had a Chromebook. He’s one of the least interested in school and technology in my family and didn’t even last very long after I wrote this post — but ironically is one of my post popular blog posts. (Though not into school or tech he is actually very good at math and just did an amazing job of adding brick pavers to our back yard. Everyone has their own “thing.”)

SSH to an AWS EC2 Instance with a Chromebook

Easier CloudFormation

Many people struggle with CloudFormation. I think that is in part due to the way it is presented. Hopefully this post makes it easier to get started.

Easier AWS CloudFormation

My History of DevSecOps

The first time I heard DevSecOps was when presented by some AWS security gurus at AWS re:Invent. That was part of my journey to AWS security.

My History of DevSecOps

.NET AWS Lambda Function

When AWS introduced .NET for AWS Lambda, I took a look. Surprisingly this has also been a very popular post. There must be a lot of people trying out .NET with AWS Lambda!

.NET AWS Lambda Function

Zooma! Zoom! Zoom!

I tried running Zoom on an AWS Workspace instance. It worked for a while but had some issues. I wish this work work on a standard EC2 instance because AWS Workspaces are a bit expensive.

Zooma! Zoom! Zoom!

Step by step approach to installing Zoom on Amazon Workspaces

The problem I hit was that the driver started failing after initially working. I haven’t got back to testing this further. I am also concerned about the security implications of installing this driver. I installed it on a machine specifically used for communications on a locked down network. I wish AWS would build a solution for this. (If they haven’t yet.)

Zoom on Amazon Workspaces

Cross account AWS IAM roles with external IDs and MFA

I use MFA when performing AWS penetration tests. It works with AWS IAM but not AWS SSO. This post explains how to MFA with the AWS CLI and an external ID. In my first link in this post I have posts on the related security threat that an external ID helps protect against — the confused deputy attack.

Cross account AWS IAM roles with external IDs and MFA

Install Go on AWS EC2

Based on my stats, a lot of people are interested in usign golang on AWS.

Install Go on AWS EC2

I wrote about the security benefits of Go here:

Security Benefits of Golang Concurrency

Real World Cloud Compromise

I gave a presentation for AWS Women in Tech on AWS application vulnerabilities found on penetration tests.

Real World Cloud Compromise

Serverless Security

In this presentation at RSA 2020 I talked about security services environments and a few issues I found on AWS penetration tests.

https://medium.com/media/88fb1a65171b2fe62fcac4d6702fc9f2/href

Red Team vs. Blue Team on AWS

In this presentation, Kolby Allen and I talk about attacks and defenses on AWS.

https://medium.com/media/6a109d02c89b05d9f72fc2caa3314e7a/href

Security & Machine Learning

In these posts I explore security and machine learning, and I tried an Amazon DeepRacer.

Security & Machine Learning — Part 1

AWS IAM Role Profiles with Boto3

In this post I explain how to use AWS IAM Roles with Boto3.

AWS IAM Role Profiles with Boto3

Mapping Attack Paths

This post talks about tools I use on AWS penetration tests to map out network attack paths.

Mapping Network Attack Paths

AWS 2020 re:Invent Announcements

AWS re:Invent 2020 Announcements

AWS Resources used in the Solar Winds Breach

This post explains how AWS resources were used in the Solar Winds Breach.

SolarWinds Hack: Retrospective

Hackers as Cloud Customers

Explained how attackers used AWS and Azure in the Solar Winds Breach.

Hackers as Cloud Customers

What’s in Your Cloud?

My most popular post (sadly) on the Capital One Breach.

What’s in your cloud?

Amazon declined to testify at congressional hearing on SolarWinds hack

A post on click bait reporting.

Amazon declined to testify at congressional hearing on SolarWinds hack

On Becoming an AWS Hero

On Becoming an AWS Hero

Container Escape in AWS HotPatch

Container Escape Vulnerability in AWS Hot Patch

Follow for updates.

Teri Radichel

If you liked this story please clap and follow:

******************************************************************

Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests services via LinkedIn: Teri Radichel or IANS Research

******************************************************************

© 2nd Sight Lab 2022

____________________________________________

Author:

Cybersecurity for Executives in the Age of Cloud on Amazon

Need Cloud Security Training? 2nd Sight Lab Cloud Security Training

Is your cloud secure? Hire 2nd Sight Lab for a penetration test or security assessment.

Have a Cybersecurity or Cloud Security Question? Ask Teri Radichel by scheduling a call with IANS Research.

Cybersecurity & Cloud Security Resources by Teri Radichel: Cybersecurity and Cloud security classes, articles, white papers, presentations, and podcasts

AWS Security was originally published in Cloud Security on Medium, where people are continuing the conversation by highlighting and responding to this story.