亚基尔·卡德科达与迈克尔·卡钦斯基与奥费克·伊塔赫_通过影子资源入侵AWS帐户.pdf

《亚基尔·卡德科达与迈克尔·卡钦斯基与奥费克·伊塔赫_通过影子资源入侵AWS帐户.pdf》由会员分享，可在线阅读，更多相关《亚基尔·卡德科达与迈克尔·卡钦斯基与奥费克·伊塔赫_通过影子资源入侵AWS帐户.pdf（101页珍藏版）》请在三个皮匠报告上搜索。

1、#BHUSA BlackHatEventsBreaching AWS AccountsThroughShadow ResourcesYakir KadkodaMichael KatchinskiyOfek Itach#BHUSA BlackHatEventsAWS Account IDEach AWS account has a unique account ID12-digit IDSome treat it as a secret,others dont#BHUSA BlackHatEventsAWS Account IDEach AWS account has a unique acco

2、unt ID12-digit IDSome treat it as a secret,others dont#BHUSA BlackHatEvents#BHUSA BlackHatEvents#BHUSA BlackHatEventshttps:/ BlackHatEvents#BHUSA BlackHatEventsYakir KadkoaSecurityLead Security ResearcherYakirKadMichael KatchinskiyFormerly SecuritySenior Security Researchermike_katchOfek ItachSecuri

3、tySenior Security Researcherofekitachaws sts get-caller-identity#BHUSA BlackHatEventsAgendaIntroduce“Shadow Resources”Showcase several AWS vulnerabilitiesIntroduce BucketMonopolyMitigation and RecommendationsDemonstrate open-source tool TrailShark#BHUSA BlackHatEvents#BHUSA BlackHatEventsShadow Reso

4、urce AWS resources generated automatically or semi-automaticallyMost of the time,spawned without user interventionMight go unnoticedby the account owner#BHUSA BlackHatEventsS3 Buckets as Shadow Resources#BHUSA BlackHatEventsBucket UniquenessIf you create cool-bucket-1,no one else can claim that buck

5、et nameS3 bucket names must be globally unique across all AWS accountsAWS CloudFormation Vulnerability#BHUSA BlackHatEventsWhat is AWS CloudFormation?https:/ or use an existing templateSave locally or in S3 bucketUse AWS CloudFormation to create a stack based on your template123#BHUSA BlackHatEvents

6、1Upload a template fileAWS CloudFormationAWS UserCreateUploadBucketIf the Bucket Does Not Exists:Create BucketReturn Bucket Name2BucketNamePutObject345CreateStack6template_file.yaml#BHUSA BlackHatEventsCloudFormation Bucket NameRegionPrefixHashcf-templates-a3gjv31ap90h-us-east-1#BHUSA BlackHatEvents