
Defending Against JavaGhost: Preventing Abuse of Your Cloud Environments for Cyber Attacks.pdf

Uploaded by: 可*** ID: 991890 2025-12-07 19 pages 1.23MB

© 2025 Palo Alto Networks, Inc. All rights reserved. Proprietary and confidential information.

Defending Against JavaGhost
Preventing Abuse of Your Cloud Environments for Cyber Attacks
October 2025
Margaret Kelley

Agenda
- Introduction
- JavaGhost TTPs
- Detecting JavaGhost
- JavaGhost background
- Protecting against JavaGhost

Experience
- Palo Alto Networks Unit 42 Principal Cloud Incident Responder
- Securian Financial Cybersecurity and cloud engineering

Publications and Speaking
- Black Hat USA Presenter 2023
- re:Inforce 2025
- Threat Vector Podcast guest episode 49
- Unit 42 Blog publications:
  - Cloud Logging for Security and Beyond
  - JavaGhost's Persistent Phishing Attacks From the Cloud
  - Bling Libra's Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware
  - Leaked Environment Variables Allow Large-Scale Extortion Operation in Cloud Environments
  - Muddled Libra's Evolution to the Cloud
  - When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability

Certifications: GCFR, GSEC, GCIH, GCFA, GBFA

Introduction

JavaGhost Background
- Industry: Various
- Threat Actor: JavaGhost
- Type: Cloud
- Tactics: Exposed credential access, sophisticated persistence, resource abuse, p

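According to the report, its main content is summarized as follows:

- **JavaGhost overview**: A cloud attack group that has been active for more than five years. It initially focused on website defacement and in 2022 shifted to financially motivated attacks using phishing emails, mainly targeting cloud environments.
- **Attack tactics**: Uses victim organizations' misconfigurations to access AWS credentials, obtains temporary credentials through GetFederationToken and GetSigninToken, creates IAM roles and users, and sends phishing emails.
- **Detection methods**: Detect JavaGhost attacks by monitoring for anomalous activity such as newly created security groups, roles, SES/WorkMail identities, and IAM users.
- **Defensive measures**: Enable CloudTrail logging, restrict trust policies, limit administrator access, enable GuardDuty monitoring, and restrict the use of unused services and regions.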
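The detection and defense points in the summary can be turned into a small CloudTrail triage pass. The following is an added example, not code from the presentation: the choice of event names to watch, `EXPECTED_REGIONS`, the account IDs and the sample records are all assumptions constructed for illustration.

```python
import json

# Real CloudTrail eventSource/eventName values; which ones to watch is this example's choice.
WATCHLIST = {
    "sts.amazonaws.com": {"GetFederationToken"},
    "signin.amazonaws.com": {"GetSigninToken"},
    "iam.amazonaws.com": {"CreateUser", "CreateRole"},
    "ec2.amazonaws.com": {"CreateSecurityGroup"},
    "ses.amazonaws.com": {"CreateEmailIdentity", "VerifyEmailIdentity"},
    "workmail.amazonaws.com": {"CreateOrganization"},
}
EXPECTED_REGIONS = {"us-east-1"}  # assumption: the only region this account uses

def external_trust(record):
    # CloudTrail stores the CreateRole trust policy as a JSON string in requestParameters.
    doc = (record.get("requestParameters") or {}).get("assumeRolePolicyDocument") or "{}"
    stmts = json.loads(doc).get("Statement", [])
    out = set()
    for stmt in stmts if isinstance(stmts, list) else [stmts]:
        principal = stmt.get("Principal", {})
        aws = principal if isinstance(principal, str) else principal.get("AWS", [])
        # Keep every AWS principal (or "*") that does not name the account's own ID.
        out.update(p for p in ([aws] if isinstance(aws, str) else aws)
                   if str(record.get("recipientAccountId")) not in p)
    return sorted(out)

def triage(records):
    findings = []
    for r in records:
        if r.get("eventName") not in WATCHLIST.get(r.get("eventSource"), ()):
            continue
        notes = [f"trust policy allows {p}" for p in external_trust(r)]
        if r.get("awsRegion") not in EXPECTED_REGIONS:
            notes.append(f"unexpected region {r.get('awsRegion')}")
        actor = (r.get("userIdentity") or {}).get("arn")
        findings.append({"time": r.get("eventTime"), "event": r["eventName"], "actor": actor, "notes": notes})
    return findings

def sample_record(src, name, region, params=None):  # constructed record, trimmed to the fields used
    return {"eventTime": "2025-01-01T00:00:00Z", "eventSource": src, "eventName": name,
            "awsRegion": region, "recipientAccountId": "111111111111", "requestParameters": params,
            "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/example-user"}}

TRUST_POLICY = json.dumps({"Statement": [{"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::999999999999:root"}}]})
SAMPLE = [  # constructed sample input, not real log data
    sample_record("sts.amazonaws.com", "GetFederationToken", "us-east-1"),
    sample_record("iam.amazonaws.com", "CreateRole", "us-east-1", {"assumeRolePolicyDocument": TRUST_POLICY}),
    sample_record("ec2.amazonaws.com", "CreateSecurityGroup", "ap-southeast-1", {"groupName": "example-sg"}),
    sample_record("ec2.amazonaws.com", "DescribeInstances", "us-east-1"),
]
```

Running `triage(SAMPLE)` reports the three watched events and skips the read-only call; the role creation carries a note about the outside account in its trust policy, and the security group carries a note about the unused region.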