HANDS-ON WORKSHOP: Prevent Remote Code Executions with Private Endpoints: Aviata Chapter 2


In this chapter of the Aviata Cloud Solo Flight Challenge workshop series, you will learn to utilize Private Endpoints to allow secure connections to cloud services without internet access.
Dive into a real-world AWS Lambda application to see how attackers can exploit misconfigured endpoints to exfiltrate data and execute remote code. Gain practical skills to lock down your Lambda, secure IAM credentials, and fortify your private network. Tweak endpoint policies to thwart these advanced attacks. Don't miss this opportunity to elevate your cloud security expertise!
Learning Objectives:
- Set up two sandbox AWS accounts
- See firsthand how private endpoints can be used to prevent cloud credential theft
- Prove that a misconfigured endpoint policy can enable data exfiltration
- Implement a proper endpoint policy to block exfiltration via AWS services
- Exploit a supply-chain attack to perform Remote Code Execution without internet access
- Analyze how a supply-chain attack can enable bad actors to exfiltrate data from compute instances, including AWS Lambda functions
- Use exfiltrated cloud credentials to escalate privileges for other AWS services
- Isolate the Lambda in a private VPC and use private endpoints to enable legitimate access to AWS services
- Block access to data in AWS services from outside of the private VPC
- Prove that a misconfigured endpoint policy can enable data exfiltration from an isolated environment using AWS services
- Implement a proper endpoint policy to block exfiltration using AWS services
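As an added illustration of the kind of endpoint policy the last objective refers to (this is not material from the workshop or from SANS), the following is a VPC endpoint policy for an S3 gateway or interface endpoint that only lets principals from your own AWS Organization reach buckets owned by that same Organization. The default endpoint policy allows any principal to call any action on any resource, which is exactly what lets a compromised workload push data to an attacker-owned bucket through the private endpoint. The organization ID `o-EXAMPLEORGID` is a placeholder; substitute your own.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "OnlyOrgPrincipalsToOrgOwnedBuckets",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:PrincipalOrgID": "o-EXAMPLEORGID",
          "aws:ResourceOrgID": "o-EXAMPLEORGID"
        }
      }
    }
  ]
}
```

Because an endpoint policy is evaluated in addition to IAM and bucket policies, and anything it does not explicitly allow is denied, the `aws:ResourceOrgID` condition stops an in-VPC workload from writing to a bucket outside the organization even when it holds credentials that would otherwise permit the write, and `aws:PrincipalOrgID` stops credentials from a foreign account being used through the endpoint at all. The reverse direction in the objectives, blocking access to your buckets from outside the VPC, is not something an endpoint policy can enforce; that requires a bucket policy condition such as `aws:SourceVpce` on the bucket side.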
About the Speaker:
Brandon Evans is the owner and an InfoSec Consultant at On-Brand Technologies LLC, a consultancy helping organizations secure their applications and other workloads in multi-cloud environments, specializing in AWS, Azure, and Google Cloud. Prior to starting his consultancy, Brandon led the secure development training program at Zoom Video Communications. He began his career as a Software Engineer, where he worked on both the core product of a startup, later acquired by a Fortune 500 organization, and on various products spanning a multi-billion dollar enterprise. Brandon is lead author for SEC510: Cloud Security Controls and Mitigations, a contributor to SEC540: Cloud Security and DevSecOps Automation, host of the Cloud Ace podcast, Season 1, an analyst for the SANS Multicloud Survey, and a multi-year RSA Conference presenter. Learn more about him at www.sans.org/profiles/brandon...
This workshop supports content and knowledge from SEC510: Cloud Security Controls and Mitigations. Learn more about the course at www.sans.org/cyber-security-c...
SANS Cloud Security focuses the deep resources of SANS on the growing threats to The Cloud by providing training, GIAC certification, research, and community initiatives to help security professionals build, deploy and manage secure cloud infrastructure, platforms, and applications.
SANS Cloud Security Curriculum: www.sans.org/cloud-security
GIAC Cloud Security Certifications: www.giac.org/focus-areas/clou...
LinkedIn: sanscloudsec
Discord: www.sansurl.com/cloud-discord
Twitter: @SANSCloudSec
