当前位置:首页 > 报告详情

尼克·弗里谢特_踢开云的门利用云提供商漏洞获得初始访问权限.pdf

上传人: 张** 编号:175529 2024-09-13 95页 6.33MB

1、#BHUSA BlackHatEventsKicking in the Door to the Kicking in the Door to the Cloud:Exploiting Cloud Cloud:Exploiting Cloud Provider Vulnerabilities for Provider Vulnerabilities for Initial AccessInitial AccessNick Frichette#BHUSA BlackHatEvents#BHUSA BlackHatEventsBoringBoring#BHUSA BlackHatEventsLeak

2、ed Access Keys#BHUSA BlackHatEventsLeaked Access KeysExposed S3 Bucket#BHUSA BlackHatEventsLeaked Access KeysExposed S3 BucketExploited EC2 Instance#BHUSA BlackHatEventsWhy is it,when something happens,its always one of you three?Leaked Access KeysExposed S3 BucketExploited EC2 Instance#BHUSA BlackH

3、atEventsBoringBoring#BHUSA BlackHatEventsAWS ServiceAssumeRoleVictim AWS AccountSQS QueueRDS DatabaseIAM RoleS3 Bucket#BHUSA BlackHatEventsIcon source:https:/ AWS ServiceAttacker AWS AccountAssumeRoleVictim AWS AccountSQS QueueRDS DatabaseIAM RoleS3 Bucket#BHUSA BlackHatEventsAWS ServiceAttacker AWS

4、 AccountAssumeRoleVictim AWS AccountProblemSQS QueueRDS DatabaseS3 Bucket#BHUSA BlackHatEventsAWS ServiceAttacker AWS AccountAssumeRoleVictim AWS AccountProblemSQS QueueRDS DatabaseS3 Bucket#BHUSA BlackHatEventsAWS ServiceAttacker AWS Account1.How trust is establishedAssumeRoleVictim AWS AccountProb

5、lemSQS QueueRDS DatabaseS3 Bucket#BHUSA BlackHatEventsVictim AWS AccountAWS ServiceAttacker AWS Account2.Discuss two example vulnerabilities1.How trust is establishedAssumeRoleVictim AWS AccountProblemSQS QueueRDS DatabaseS3 Bucket#BHUSA BlackHatEventsAWS ServiceAttacker AWS Account2.Discuss two exa

6、mple vulnerabilities1.How trust is establishedAssumeRoleVictim AWS AccountProblemSQS QueueRDS DatabaseS3 Bucket3.Prevention options#BHUSA BlackHatEventsHow Trust is Established in AWS#BHUSA BlackHatEventsRole Trust Policies in ActionAWS Lambda ServiceMy AWS AccountMy IAM RoleLambda FunctionAssumeRol

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
本文主要介绍了AWS云服务中的安全漏洞及其利用方法。作者Nick Frichette通过实例详细阐述了云服务提供商AWS的漏洞利用过程,包括如何通过泄漏的访问密钥、暴露的S3存储桶和被利用的EC2实例等实现对AWS账户的初始访问。文章还讨论了两种典型的AWS漏洞:一是Amazon AppSync中的困惑副官(Confused Deputy)漏洞,二是AWS Amplify暴露IAM角色以实现接管。作者还提出了预防这些跨账户攻击的方法,如使用条件键(Condition Keys)来阻止0日漏洞等。最后,作者强调了通过审计角色和使用AssumeRoleWithWebIdentity来防御混淆副官攻击的重要性。
如何 initial access?" 两种漏洞示例" 我们能做些什么?"
客服
商务合作
小程序
服务号
折叠