控制平面上的蛇:利用紫队攻击 Azure IAM 进行威胁检测.pdf

编号:991868 PDF 28页 1.94MB 下载积分:VIP专享
下载报告请您先登录!

1、Snakes on a(Control)Plane:Purple-Teaming Azure IAM for Threat DetectionLYDIA GRASLIE THREAT DETECTION ENGINEEREDWARD JONESAbout MeThreat Detection Engineer at Edward JonesTA for SANS SEC 541 Former English teacherWorked on helpdeskEngineering is radLikes:home labs,comedy,gardening,hockey,musicWhat W

2、ell LearnWhy Azure IAM is tricky to monitorWhat to considerHow to stay organizedWhy Purple Team?Microsoft Cloud is a big,complex product-as are many cloudsIts easy to miss things!Settings and log events are often not intuitivePurple teaming helps us make sure were coveredEnsures we have the logs we

3、need and the events show up as we expectHelps us build the right detections for the resources/environment we haveEnsures robust detections that cover multiple attack paths/procedures of a techniqueInforms thorough and helpful documentation for respondersPurple Teaming Threat Detection tldr;Doing a m

4、alicious thing(safely)Recording that malicious thingExamining the logs produced by the malicious thingAzure IAMIAM 101“IAM gives secure access to company resourceslike emails,databases,data,and applicationsto verified entities,ideally with a bare minimum of interference.The goal is to manage access

5、so that the right people can do their jobs and the wrong people,like hackers,are denied entry.”-MicrosoftAzure IAMSource:MicrosoftWhy is it Hard?Not everything important is logged by defaultAzure resources dont automatically export log all log activity Log settings are everywhereNeed to set up diagn

6、ostic settings to collect logsLogs in the portal=/=Logs in your SIEMLots of unanticipated things can happen between the GUI and your SIEMDiagnostic SettingsWhat Isnt Logged by Default?Key Vault ActivitiesGap example:Cannot see who creates or deletes keys/secrets,or who is looking at keys/secretsKube

友情提示

1、下载报告失败解决办法
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站报告下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。

本文(控制平面上的蛇:利用紫队攻击 Azure IAM 进行威胁检测.pdf)为本站 (可不可以) 主动上传,三个皮匠报告文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知三个皮匠报告文库(点击联系客服),我们立即给予删除!

温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。
客服
商务合作
小程序
服务号
折叠