Source file: 云上攻防探讨.pdf (Cloud Attack and Defense Discussion), 21 pages.
Slide 1: Jaguar Land Rover Confidential 2024
AWS Attack and Defense: Sharing Insights
(Footer on every slide: CUSTOMER LOVE, UNITY, INTEGRITY, GROWTH, IMPACT)

Slide 2: Content
- Cloud Security Posture in the Automotive Industry
- 4 Cloud Security Risks
- Real-World AWS Attack Techniques
- Key Domains in Cloud Security: A Comprehensive Approach

Slide 3: Cloud Security Posture in the Automotive Industry

Slide 4: Upstream's 2024 Report: The Automotive Industry Expands into the Smart Mobility Ecosystem

Slide 5: Automotive Incidents Trend
Automotive & Smart Mobility incidents continue to grow.
- 2010-2023 incidents: 1,468
- 2023 incidents: 295
Source: Upstream 2024 Automotive Cybersecurity Report

Slide 6: 2023 Automotive Attack Vectors
- ECU: 9%
- EV Charging: 4%
- Cloud: 43%
- API: 13%
- Remote Keyless: 7%
- Infotainment: 15%
- Other: 9%
Callout: Cloud + API 50%
Source: Upstream 2024 Automotive Cybersecurity Report

Slide 7: 4 Cloud Security Risks

Slide 8: 4 Cloud Security Risks
- Unmanaged Attack Surface
- Human Error
- Misconfiguration
- Data Breach

Slide 9: Real-World AWS Attack Techniques

Slide 10: Cyber Kill Chain on AWS
1. Enumeration
2. Exploitation
3. Privilege Escalation
4. Persistence
5. Post exploitation
6. Profit

Slide 11: Enumeration
- Disclosed AWS credentials on the Internet (GitHub, CSDN, Google Drive, etc.)
- Public access S3 buckets
- Server ports exposed to the Internet
- Public access web applications
- Publicly stored snapshots
- Disclosed Cognito identity
- Federated identities

Slide 12: Enumeration Sample

Slide 13: IAM Abuse
- IAM:CreatePolicyVersion
- IAM:AttachUserPolicy
- Abused Policy ARN: arn:aws:iam::aws:policy/AdministratorAccess

Slide 14: SSRF
EC2:
  URI=http://169.254.169.254/latest/meta-data/iam/security-credentials/$ec2-role
ECS:
  cat /proc/self/environ
  http://169.254.170.2/v2/credentials/7d4258cf-f483-464c-8ad1-ad63fbd7ef40

Slide 15: SSRF
Lambda:
  /proc/self/environ
  Write Lambda code
  Create/Update Lambda Function
  Invoke Lambda Function

Slide 16: Compromise Public AWS RDS Snapshot
1. Describe DB Public Snapshot
2. Restore DB Instance from DB Snapshot
3. Modify security groups
4. Update Database Master Password
5. Compromise Database
Command shown on the slide:
  aws rds modify-db-instance --db-instance-identifier rds-lab-2 --master-user-password 1234Qwer!

Slide 17: AWS Credentials Abuse by Using GitHub Actions

Slide 18: Demo: S3 objects access control
Bucket: vampiretommybucket-1
Key: credentials.txt
  https://vampiretommybucket- (URL truncated in the source)
  aws s3 ls s3://vampiretommybucket-1 --no-sign-request
  aws s3 cp s3://vampiretommybucket-1/credentials.txt credentials.txt --no-sign-request
  aws s3api get-object-acl --bucket vampiretommybucket-1 --key credentials.txt --no-sign-request
  aws s3api put-object-acl --bucket vampiretommybucket-1 --key credentials.txt --grant-read uri=http:/ (grantee URI truncated in the source) us-east-1 --no-sign-request

Slide 19: Key Domains in Cloud Security: A Comprehensive Approach

Slide 20: Key Domains in Cloud Security: A Comprehensive Approach
- External Exposure
- Cloud Entitlements
- Secure Configuration
- Secure Use of Secrets
- Data Security
- Container Security
- Serverless Security
- Vulnerability & Patch Management

To safeguard our cloud platform, we must establish a robust cloud security management mechanism. This involves collecting critical logs related to continuous threat monitoring, detection, and response. Below are the key domains in cloud security that demand our attention:
1. Risk Assessment: Identifying potential security risks and assessing their likelihood and impact.
2. Access Control: Restricting access to authorized users and implementing role-based access control.
3. Data Encryption: Ensuring sensitive data is encrypted both in transit and at rest.
4. Network Security: Implementing firewalls and other measures to protect against external attacks.
5. Security Monitoring: Continuously monitoring cloud environments for security breaches.
6. Incident Response: Developing plans and procedures to mitigate the impact of security incidents.
7. Compliance: Ensuring cloud security practices align with relevant regulations and standards.

Slide 21: Tommy Guo, Senior Security Operation Manager
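Added defensive example, not from the deck: the CloudTrail sequences behind the IAM Abuse slide (CreatePolicyVersion with a wildcard document set as default, or AttachUserPolicy of AdministratorAccess) and the RDS snapshot slide (RestoreDBInstanceFromDBSnapshot followed by ModifyDBInstance with a new master password) detected offline over constructed log records. Account ids, the user name and the snapshot id are placeholders; the event names and parameter keys are the ones CloudTrail logs for these calls.

```python
import json
from collections import defaultdict
ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"

# Constructed CloudTrail records, not real telemetry: account ids, user and snapshot names are placeholders.
ACTOR = {"arn": "arn:aws:iam::111122223333:user/ci-deploy"}
SAMPLE_EVENTS = [
    {"eventName": "CreatePolicyVersion", "userIdentity": ACTOR, "requestParameters": {
        "policyArn": "arn:aws:iam::111122223333:policy/app-readonly", "setAsDefault": True,
        "policyDocument": json.dumps({"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]})}},
    {"eventName": "AttachUserPolicy", "userIdentity": ACTOR, "requestParameters": {
        "userName": "ci-deploy", "policyArn": ADMIN_POLICY}},
    {"eventName": "RestoreDBInstanceFromDBSnapshot", "userIdentity": ACTOR, "requestParameters": {
        "dBInstanceIdentifier": "rds-lab-2", "dBSnapshotIdentifier": "placeholder-public-snapshot"}},
    # CloudTrail redacts the new master password as "****"; the key's presence is the signal.
    {"eventName": "ModifyDBInstance", "userIdentity": ACTOR, "requestParameters": {
        "dBInstanceIdentifier": "rds-lab-2", "masterUserPassword": "****"}},
]

def _as_list(v):
    return [v] if isinstance(v, str) else list(v or [])

def grants_full_admin(policy_document):
    # True if an Allow statement in the JSON policy covers Action "*" on Resource "*".
    try:
        statements = json.loads(policy_document).get("Statement", [])
    except (TypeError, ValueError):
        return False
    for s in [statements] if isinstance(statements, dict) else statements:
        if s.get("Effect") == "Allow" and "*" in _as_list(s.get("Action")) and "*" in _as_list(s.get("Resource")):
            return True
    return False

def detect(events):
    # Returns (actor, rule, target) tuples for the IAM and RDS escalation patterns.
    findings = []
    restored = defaultdict(set)  # actor arn -> DB instances that actor restored from a snapshot
    for e in events:
        actor = (e.get("userIdentity") or {}).get("arn", "unknown")
        name, p = e.get("eventName"), e.get("requestParameters") or {}
        if name == "CreatePolicyVersion" and p.get("setAsDefault") and grants_full_admin(p.get("policyDocument")):
            findings.append((actor, "iam-policy-version-grants-admin", p.get("policyArn")))
        elif name == "AttachUserPolicy" and p.get("policyArn") == ADMIN_POLICY:
            findings.append((actor, "iam-attach-administrator-access", p.get("userName")))
        elif name == "RestoreDBInstanceFromDBSnapshot":
            restored[actor].add(p.get("dBInstanceIdentifier"))
        elif name == "ModifyDBInstance" and "masterUserPassword" in p and p.get("dBInstanceIdentifier") in restored[actor]:
            findings.append((actor, "rds-snapshot-restore-then-password-reset", p.get("dBInstanceIdentifier")))
    return findings
```

The RDS rule keys on the same principal restoring and then resetting the password, so a routine password rotation on an existing instance does not fire it.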
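For the S3 object access-control demo, an added audit (not part of the deck) that reads `aws s3api get-object-acl` output and flags grants to the AllUsers or AuthenticatedUsers groups, which is the state a `put-object-acl --grant-read` to an everyone-group leaves the object in. The ACL document is constructed and the owner id is a placeholder; the group URIs are the ones S3 defines.

```python
import json

# Grantee URIs S3 defines for its two "everyone" groups (well-known values).
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}

# Constructed sample in the shape `aws s3api get-object-acl` prints, modelling credentials.txt
# after a READ grant to AllUsers was added. The owner id is a placeholder.
SAMPLE_ACL = json.dumps({
    "Owner": {"DisplayName": "placeholder-owner", "ID": "PLACEHOLDER_CANONICAL_ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "PLACEHOLDER_CANONICAL_ID"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    ],
})
PRIVATE_ACL = json.dumps({"Owner": {"ID": "PLACEHOLDER_CANONICAL_ID"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "PLACEHOLDER_CANONICAL_ID"}, "Permission": "FULL_CONTROL"}]})

def public_grants(acl_json):
    # Returns [(group, permission)] for every grant to an everyone-group; [] means the object is not public.
    found = []
    for grant in json.loads(acl_json).get("Grants", []):
        grantee = grant.get("Grantee") or {}
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            found.append((PUBLIC_GROUPS[grantee["URI"]], grant.get("Permission")))
    return found

def remediation(bucket, key, acl_json):
    # Reset command for a public object: the canned "private" ACL keeps only the owner's FULL_CONTROL.
    if not public_grants(acl_json):
        return None
    return f"aws s3api put-object-acl --bucket {bucket} --key {key} --acl private"
```

Running the same check over every key from `aws s3api list-objects-v2` turns it into a bucket-wide sweep; Block Public Access at the bucket or account level prevents the grant from being applied in the first place.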