Download this presentation
https://tinyurl.com/weirdAAL-cactuscon18
WeirdAAL
(AWS Attack Library)
Chris Gates, Ken Johnson
CactusCon 2018
whoami
Chris Gates - Staff Security Engineer - Cruise Automation
Twitter: @carnal0wnage
Blog: carnal0wnage.attackresearch.com
Talks: slideshare.net/chrisgates
whoami
Ken Johnson - AppSec - GitHub
Twitter: @cktricky
YouTube: https://www.youtube.com/c/absoluteappsec
Talks: slideshare.net/KenJohnson61/
We’ve been talking about this...
LasCon 2014 - DevOops, I did it Again
https://www.youtube.com/watch?v=i8SnLXwlBWM
… and talking...
DevOpsDays DC 2015
https://vimeo.com/137691444
...and talking some more...
DevOops Redux - AppSec USA 2016
https://bit.ly/2qYe29y
… still going...
RSA Conference 2017
https://bit.ly/2HOZ0N4
OKAY, WE GET IT ALREADY! (do you, though?)
DevOops Redux - CERN 2017 &
InsomniaHack 2017
https://cds.cern.ch/record/2256987
So what has happened during this time?
2014 - Code Spaces
… le sigh (horrorshow is right)
2015 - Systema Software
Come on!
2016 - Datadog
… surely it's getting better? Nope
2017 - Deep Root Analytics / America?
This is why we drink
2018 - MBM Company, Tesla
So what did we decide to do about it?
Join the party of course :-)
Vaporware
WeirdAAL
● WeirdAAL (AWS Attack Library)
● https://github.com/carnal0wnage/weirdAAL
● Python3
● Relies heavily on boto3 library
WeirdAAL
Two Goals:
1. Answer the question "what can I do with this AWS key pair?" [blackbox]
2. Be a repository of useful functions (offensive & defensive) to interact with AWS services.
WeirdAAL
Prior work
1. CG’s aws_interrogate (vaporware)
2. https://github.com/dagrz/aws_pwn & his medium posts
3. https://github.com/bchew/dynamodump
4. https://github.com/ThreatResponse/aws_ir
5. https://github.com/nccgroup/Scout2
6. https://github.com/RhinoSecurityLabs/pacu [post | concurrent]
Setup / Usage / Boto3
● Supports boto3 and aws credentials format
○ Using boto3 allows us to natively support STS tokens
○ Put your creds in .env folder in WeirdAAL home
Setup / Usage / Boto3
● Targets
○ Passes a -t (target) value to track your work
○ Can have multiple AWS keys in a target
● Modules
○ Modules passed via -m to do various tasks
○ python3 weirdAAL.py -m dynamodb_list_tables -t demo
○ Coverage for many services but not all (so far)
■ EC2, Lambda, s3, dynamodb, iam, etc
● Built in proxy support via boto3
Setup / Usage / Boto3
*New* we now list modules by cloud service
What Can I Do With This AWS Key Pair?
AWS offers no easy way (blackbox)
If you have IAM you can look at running services manually or check billing.
Tedious & No Fun
(135 services in boto3 1.7.4)
What Can I Do With This AWS Key Pair?
Our solution, ask every service if we have permission to use it (recon_all)
What Can I Do With This AWS Key Pair?
Recon_all demo
What Can I Do With This AWS Key Pair?
Recon_all demo (recap)
Hit up every AWS service we can ask a **generic** question to
** required no args or specifics about that account
Log to DB for use later and automation
Todo: Evasion? Timing? Does anyone look or care?
What Can I Do With This AWS Key Pair?
Recon_all demo (gotchas)
● Root keys that have invalid billing info give you:
“SubscriptionRequiredException” or “OptInRequired” boto3 errors
● Root keys that are in good standing give you everything available :-/
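The recon_all idea above (one argument-free call per service, classify the answer, log it) as an added example; this is not WeirdAAL's own code. It does not need boto3 installed: the constructed FakeClientError mimics the `.response` shape of `botocore.exceptions.ClientError` so the example runs offline, and the DENIED_CODES set is a starter list (an assumption), not an exhaustive one. The two "account not usable" codes are the ones named on the slide.

```python
"""
recon_all-style permission probing with outcome classification and a DB log.
Added example, not WeirdAAL code; probes below are constructed stand-ins.
"""
import sqlite3
from typing import Callable, Iterable, Optional, Tuple

ALLOWED = "allowed"
DENIED = "denied"
ACCOUNT_BLOCKED = "account-not-usable"   # billing / opt-in problem, not a permission answer
OTHER = "other-error"

# Codes different services use to say "no permission" (starter set, assumption).
DENIED_CODES = {"AccessDenied", "AccessDeniedException",
                "UnauthorizedOperation", "AuthorizationError"}
# From the gotchas slide: root keys with bad billing return these instead of
# a real allow/deny answer, so they must not be logged as "denied".
BLOCKED_CODES = {"SubscriptionRequiredException", "OptInRequired"}

Probe = Tuple[str, str, Callable[[], object]]
Result = Tuple[str, str, str, Optional[str]]


def error_code(exc: BaseException) -> Optional[str]:
    """botocore's ClientError keeps the service error code in exc.response."""
    response = getattr(exc, "response", None)
    if isinstance(response, dict):
        return response.get("Error", {}).get("Code")
    return None


def classify(code: Optional[str]) -> str:
    if code is None:
        return ALLOWED
    if code in BLOCKED_CODES:
        return ACCOUNT_BLOCKED
    if code in DENIED_CODES:
        return DENIED
    return OTHER


def probe(service: str, operation: str, call: Callable[[], object]) -> Result:
    """Run one generic (no-argument) call and turn the outcome into a row."""
    try:
        call()
    except Exception as exc:          # ClientError, endpoint errors, ...
        code = error_code(exc)
        return (service, operation, classify(code), code)
    return (service, operation, ALLOWED, None)


def recon_all(probes: Iterable[Probe], conn: sqlite3.Connection) -> list:
    """Probe every service and persist the answers (the 'log to DB' step)."""
    conn.execute("CREATE TABLE IF NOT EXISTS recon "
                 "(service TEXT, operation TEXT, outcome TEXT, code TEXT)")
    rows = [probe(svc, op, call) for svc, op, call in probes]
    conn.executemany("INSERT INTO recon VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return rows


def allowed_services(conn: sqlite3.Connection) -> list:
    return conn.execute("SELECT service, operation FROM recon WHERE outcome = ? "
                        "ORDER BY service", (ALLOWED,)).fetchall()


class FakeClientError(Exception):
    """Constructed stand-in for botocore.exceptions.ClientError (same .response shape)."""
    def __init__(self, code: str):
        super().__init__(code)
        self.response = {"Error": {"Code": code, "Message": "constructed"}}


def _failing(code: str) -> Callable[[], object]:
    def call():
        raise FakeClientError(code)
    return call


# Constructed probes standing in for calls like boto3.client("dynamodb").list_tables
CONSTRUCTED_PROBES = [
    ("dynamodb", "list_tables", lambda: {"TableNames": []}),
    ("ec2", "describe_instances", _failing("UnauthorizedOperation")),
    ("lambda", "list_functions", _failing("AccessDeniedException")),
    ("sns", "list_topics", _failing("AuthorizationError")),
    ("route53", "list_hosted_zones", _failing("OptInRequired")),
]


def run_demo():
    conn = sqlite3.connect(":memory:")
    rows = recon_all(CONSTRUCTED_PROBES, conn)
    return rows, allowed_services(conn)


if __name__ == "__main__":
    for row in run_demo()[0]:
        print(row)
```

To run it against a real key, replace each constructed callable with `getattr(boto3.client(service, region_name=region), operation)`; the classifier is unchanged. Keeping ACCOUNT_BLOCKED separate from DENIED matters for the recap: an OptInRequired row says something about the account's state, not about what the key is allowed to do, so it should not be read as a permission boundary.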
F**king Stuff Up
What Can I Do With This AWS Key Pair?
In previous talks, we discussed monitoring. Now we show you how to burn all that to the ground.
What Can I Do With This AWS Key Pair?
Starting with SNS…
List topics
What Can I Do With This AWS Key Pair?
List subscribers to a topic
What Can I Do With This AWS Key Pair?
Or… just delete the topic. Now nobody knows what you're doing :-)
What Can I Do With This AWS Key Pair?
Config service has rules. You'll see why CloudTrail is important
What Can I Do With This AWS Key Pair?
We can list the config rules of course (for every region):
What Can I Do With This AWS Key Pair?
But what about deleting rules? Yeah, we’ve got that too :-)
What Can I Do With This AWS Key Pair?
Or just delete the whole recording altogether - BEFORE
What Can I Do With This AWS Key Pair?
Let’s go ahead and just delete Config’s recorder altogether, shall we? First list them...
What Can I Do With This AWS Key Pair?
Now, delete it :-)
What Can I Do With This AWS Key Pair?
Welp, no more Config alerts… or Config at all, really
What Can I Do With This AWS Key Pair?
IAM_Pwn
Found a key with IAM/Root?
Let's automate the takeover / make backdoor accounts
What Can I Do With This AWS Key Pair?
IAM_Pwn demo
What Can I Do With This AWS Key Pair?
IAM_Pwn demo - List users
What Can I Do With This AWS Key Pair?
IAM_Pwn demo - User details IAM console
What Can I Do With This AWS Key Pair?
IAM_Pwn demo - delete MFA device
What Can I Do With This AWS Key Pair?
IAM_Pwn demo - change console password
What Can I Do With This AWS Key Pair?
IAM_Pwn demo - create access/secret key
What Can I Do With This AWS Key Pair?
IAM_Pwn demo - delete access/secret key
What Can I Do With This AWS Key Pair?
IAM_Pwn demo - make backdoor account
What Can I Do With This AWS Key Pair?
IAM_Pwn (recap)
Deleted 2FA
Add console user / add new keys
Backdoor admin user
Hack all the thingz
What Can I Do With This AWS Key Pair?
IAM_Pwn (story time)
Made backdoor account in pentest, proved lack of logging and policy
enforcement
What Can I Do With This AWS Key Pair?
Logging / IR
What Can I Do With This AWS Key Pair?
Lambda - list_functions
What Can I Do With This AWS Key Pair?
Lambda - get_function
What Can I Do With This AWS Key Pair?
Thankfully, Lambda's serverless architecture and KMS mean no more creds in code, right?
What Can I Do With This AWS Key Pair?
Nope :-)
What Can I Do With This AWS Key Pair?
Lambda
http://boto3.readthedocs.io/en/latest/reference/services/lambda.html#Lambda.Client.update_function_code
It’s cool I have cloudtrail configured….
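A hygiene check for the "no more creds in code, right?" point: anyone with `lambda:GetFunction` sees a function's environment variables in the `get_function()` response, so they are a common place for plaintext secrets to end up. Added example, not WeirdAAL code. The response is constructed in the shape boto3's `get_function()` returns (`Configuration.Environment.Variables`); the suspicious-name list is an assumption, and the key-ID pattern relies on AWS access key IDs starting with AKIA or ASIA.

```python
"""
Scan a Lambda get_function() response for plaintext credentials in env vars.
Added example, not WeirdAAL code; the response below is constructed.
"""
import re
from typing import Dict, List

# AWS access key IDs: 4-char prefix (AKIA long-lived, ASIA temporary) + 16 chars.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Variable-name hints that usually mean "secret" (assumption, extend as needed).
SECRET_NAME_HINTS = ("SECRET", "PASSWORD", "PASSWD", "TOKEN", "API_KEY", "PRIVATE_KEY")


def scan_function(response: dict) -> List[Dict[str, str]]:
    """Return one finding per environment variable that looks like a credential."""
    cfg = response.get("Configuration", {})
    name = cfg.get("FunctionName", "?")
    variables = cfg.get("Environment", {}).get("Variables", {})
    findings = []
    for var, value in variables.items():
        if ACCESS_KEY_ID.search(str(value)):
            findings.append({"function": name, "variable": var,
                             "issue": "aws-access-key-id"})
        elif any(hint in var.upper() for hint in SECRET_NAME_HINTS):
            findings.append({"function": name, "variable": var,
                             "issue": "secret-in-env"})
    return findings


def scan_all(responses: List[dict]) -> List[Dict[str, str]]:
    """Run the scan over many functions (e.g. one get_function() per list_functions entry)."""
    return [f for resp in responses for f in scan_function(resp)]


# Constructed get_function() response (fields trimmed; values are made up).
CONSTRUCTED_RESPONSE = {
    "Configuration": {
        "FunctionName": "report-uploader",
        "Runtime": "python3.6",
        "Environment": {"Variables": {
            "DB_HOST": "db.internal.example",
            "DB_PASSWORD": "hunter2",                  # plaintext secret
            "UPLOADER_KEY": "AKIACONSTRUCTED00001",    # constructed key ID
            "LOG_LEVEL": "INFO",
        }},
    },
    "Code": {"RepositoryType": "S3", "Location": "https://example.invalid/presigned"},
}

if __name__ == "__main__":
    for finding in scan_function(CONSTRUCTED_RESPONSE):
        print(finding)
```

The fix on the defender side is to keep secrets out of the function configuration entirely (Secrets Manager or SSM Parameter Store fetched at runtime under the function's execution role) rather than in environment variables that any `GetFunction` caller can read.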
What Can I Do With This AWS Key Pair?
Stop Cloudtrail logging (ref: https://danielgrzelak.com/disrupting-aws-logging-a42e437d6594)
Identify existing CloudTrail trails
What Can I Do With This AWS Key Pair?
Stop Cloudtrail logging
Use TrailARN to stop CloudTrail with stop_logging function
What Can I Do With This AWS Key Pair?
Delete Cloudtrail Trail
Use TrailARN to delete the trail with the delete_trail function
What Can I Do With This AWS Key Pair?
Delete Cloudtrail Trail
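The defender's view of the SNS, Config, IAM_Pwn and CloudTrail slides above: every one of those actions is itself a CloudTrail event, so a short rule table keyed on eventName catches the teardown and the takeover pattern. Added example, not WeirdAAL code. The eventName values are the real API names CloudTrail records for these calls; the severity tiers, the burst threshold, the account ID and the log records are all constructed for the example.

```python
"""
Rules over CloudTrail records for monitoring teardown and IAM takeover steps.
Added example, not WeirdAAL code; SAMPLE_LOG is constructed.
"""
import json
from collections import Counter
from typing import Dict, List

# eventName -> (severity, why a defender cares)
TEARDOWN_RULES = {
    "StopLogging": ("critical", "CloudTrail trail stopped"),
    "DeleteTrail": ("critical", "CloudTrail trail deleted"),
    "UpdateTrail": ("high", "CloudTrail trail reconfigured"),
    "DeleteConfigurationRecorder": ("critical", "AWS Config recorder deleted"),
    "StopConfigurationRecorder": ("critical", "AWS Config recorder stopped"),
    "DeleteConfigRule": ("high", "AWS Config rule deleted"),
    "DeleteTopic": ("high", "SNS alert topic deleted"),
    "Unsubscribe": ("medium", "SNS subscriber removed"),
    "DeactivateMFADevice": ("critical", "MFA removed from a user"),
    "UpdateLoginProfile": ("high", "console password changed"),
    "CreateLoginProfile": ("high", "console password added to a user"),
    "CreateAccessKey": ("high", "new long-lived access key created"),
    "CreateUser": ("medium", "new IAM user created"),
    "AttachUserPolicy": ("high", "managed policy attached to a user"),
}

# Constructed CloudTrail file (subset of the real record fields).
_K1, _K2 = "AKIACONSTRUCTED00001", "AKIACONSTRUCTED00002"
_ALICE = {"type": "IAMUser", "userName": "alice", "accessKeyId": _K1,
          "arn": "arn:aws:iam::111111111111:user/alice"}
_DEPLOY = {"type": "IAMUser", "userName": "deploy", "accessKeyId": _K2}
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2018-05-11T17:01:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7", "userIdentity": _DEPLOY},
    {"eventTime": "2018-05-11T17:02:10Z", "eventSource": "iam.amazonaws.com",
     "eventName": "DeactivateMFADevice", "sourceIPAddress": "203.0.113.9", "userIdentity": _ALICE},
    {"eventTime": "2018-05-11T17:02:31Z", "eventSource": "iam.amazonaws.com",
     "eventName": "UpdateLoginProfile", "sourceIPAddress": "203.0.113.9", "userIdentity": _ALICE},
    {"eventTime": "2018-05-11T17:02:55Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.9", "userIdentity": _ALICE},
    {"eventTime": "2018-05-11T17:03:20Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.9", "userIdentity": _ALICE},
    {"eventTime": "2018-05-11T17:05:00Z", "eventSource": "lambda.amazonaws.com",
     "eventName": "ListFunctions20150331", "sourceIPAddress": "198.51.100.7", "userIdentity": _DEPLOY},
    {"eventTime": "2018-05-11T17:06:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DeleteTrail", "sourceIPAddress": "198.51.100.7", "userIdentity": _DEPLOY,
     "errorCode": "AccessDenied"},
]})


def load_records(cloudtrail_json: str) -> List[dict]:
    """CloudTrail delivers files as {"Records": [...]} (gzipped in S3)."""
    return json.loads(cloudtrail_json)["Records"]


def evaluate(records: List[dict]) -> List[Dict[str, object]]:
    """Return one alert per record whose eventName matches a rule."""
    alerts = []
    for rec in records:
        rule = TEARDOWN_RULES.get(rec.get("eventName", ""))
        if rule is None:
            continue
        severity, why = rule
        actor = rec.get("userIdentity", {})
        alerts.append({
            "time": rec.get("eventTime"), "severity": severity,
            "event": rec["eventName"], "source": rec.get("eventSource"),
            "actor": actor.get("arn") or actor.get("userName", "unknown"),
            "key": actor.get("accessKeyId"), "ip": rec.get("sourceIPAddress"),
            "succeeded": "errorCode" not in rec,   # CloudTrail logs denied calls too
            "why": why,
        })
    return alerts


def chained_actors(alerts: List[Dict[str, object]], threshold: int = 3) -> Dict[str, int]:
    """Keys behind several successful high/critical events: the IAM_Pwn shape
    (kill MFA, reset password, mint keys, then stop the trail)."""
    counts = Counter(a["key"] for a in alerts
                     if a["succeeded"] and a["severity"] in ("critical", "high"))
    return {key: n for key, n in counts.items() if n >= threshold}


def run_demo():
    alerts = evaluate(load_records(SAMPLE_LOG))
    return alerts, chained_actors(alerts)


if __name__ == "__main__":
    for alert in run_demo()[0]:
        print(alert)
    print("chained:", run_demo()[1])
```

Two details carry the weight here: a denied DeleteTrail (errorCode present) is still worth an alert, since the attempt is the signal, and the StopLogging event is the last thing the trail writes before going quiet, so the rule must fire on the event itself rather than waiting for follow-up activity that will never be logged. The same logic maps onto CloudWatch Events / EventBridge rules keyed on these eventName values, so the alert can fire in near real time instead of from delivered log files.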
What Can I Do With This AWS Key Pair?
Logging / IR
What Can I Do With This AWS Key Pair?
EC2 get_console_screenshot
What Can I Do With This AWS Key Pair?
EC2 get_console_output
What Can I Do With This AWS Key Pair?
EC2 get_console_output_all
What Can I Do With This AWS Key Pair?
EC2 & Lucidcharts
What Can I Do With This AWS Key Pair?
Just plain mean…. ec2_stop_instances
Useful Functions & Libs
Grew tired of stackoverflowing everything
Ideally, grab useful functions and throw together a quick python script to knock out your task
Uses libs for actions that need more control/finesse/data passed
Example of a Module
Useful Functions & Libs
Used WeirdAAL at work to get public EC2 instances quickly so we can do external pentesting
- impossible to know otherwise given the large range of AWS IP space
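The "public EC2 instances quickly" use case as an added example (not WeirdAAL's own code): walk the `Reservations` / `Instances` / `NetworkInterfaces` structure boto3's `ec2.describe_instances()` returns and collect every public address, so the list can feed an external scan scope. The response is constructed with documentation-range IPs; against a real account you run it once per region.

```python
"""
Extract public EC2 endpoints from a describe_instances() response.
Added example, not WeirdAAL code; the response below is constructed.
"""
from typing import Dict, List


def public_endpoints(response: dict, region: str) -> List[Dict[str, str]]:
    """One row per (running instance, public IP), covering secondary ENIs too."""
    found = []
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") != "running":
                continue                      # stopped instances keep no public IP
            ips = set()
            if inst.get("PublicIpAddress"):  # primary interface
                ips.add(inst["PublicIpAddress"])
            for eni in inst.get("NetworkInterfaces", []):
                ip = eni.get("Association", {}).get("PublicIp")
                if ip:
                    ips.add(ip)
            for ip in sorted(ips):
                found.append({"region": region, "instance": inst["InstanceId"],
                              "ip": ip, "dns": inst.get("PublicDnsName", "")})
    return found


def scope_list(results: List[Dict[str, str]]) -> List[str]:
    """Deduplicated IPs in a form a scanner can take as targets."""
    return sorted({r["ip"] for r in results})


# Constructed describe_instances() response (fields trimmed, IPs from 203.0.113.0/24).
CONSTRUCTED_RESPONSE = {"Reservations": [
    {"Instances": [
        {"InstanceId": "i-0aaa000000000001", "State": {"Name": "running"},
         "PublicIpAddress": "203.0.113.10", "PublicDnsName": "ec2-203-0-113-10.example",
         "NetworkInterfaces": [{"Association": {"PublicIp": "203.0.113.10"}}]},
        {"InstanceId": "i-0bbb000000000002", "State": {"Name": "stopped"},
         "PublicIpAddress": "203.0.113.11", "NetworkInterfaces": []},
    ]},
    {"Instances": [
        {"InstanceId": "i-0ccc000000000003", "State": {"Name": "running"},
         "PrivateIpAddress": "10.0.1.5", "NetworkInterfaces": [{}]},
        {"InstanceId": "i-0ddd000000000004", "State": {"Name": "running"},
         "NetworkInterfaces": [{"Association": {"PublicIp": "203.0.113.20"}},
                               {"Association": {"PublicIp": "203.0.113.21"}}]},
    ]},
]}

if __name__ == "__main__":
    rows = public_endpoints(CONSTRUCTED_RESPONSE, "us-east-1")
    print(scope_list(rows))
```

On a real account, `describe_instances()` is paginated and regional, so loop over `boto3.session.Session().get_available_regions("ec2")` and use `get_paginator("describe_instances")` before feeding each page to `public_endpoints`.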
Useful Functions & Libs
Pydoc friendly (work in progress)
WeirdAAL
(AWS Awesome Attack Library)
Now with GCP :-)
WeirdAAL - GCP
Third Goal:
3. Be a repository of useful functions (offensive & defensive) to
interact with GCP services.
WeirdAAL - GCP
Documentation SUCKS
Take in a service account keyfile (json)
Brute force what services that keyfile has access to use
libs/modules structure is/will be the same
Currently a separate branch while we tidy it up
https://github.com/carnal0wnage/weirdAAL/tree/gcp_testing
WeirdAAL - GCP
Does work though
Questions?
Contact Info
Chris Gates - Twitter: @carnal0wnage
Ken Johnson - Twitter: @cktricky
Slides: https://tinyurl.com/weirdAAL
Code: https://github.com/carnal0wnage/weirdAAL
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Recently uploaded (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Control AWS and GCP services with WeirdAAL

  • 2. WeirdAAL (AWS Attack Library) Chris Gates, Ken Johnson CactusCon 2018
  • 4. whoami Chris Gates - Staff Security Engineer - Cruise Automation Twitter: @carnal0wnage Blog: carnal0wnage.attackresearch.com Talks: slideshare.net/chrisgates
  • 6. whoami Ken Johnson - AppSec - GitHub Twitter: @cktricky YouTube: https://www.youtube.com/c/absoluteappsec Talks: slideshare.net/KenJohnson61/
  • 7. We’ve been talking about this... LasCon 2014 - DevOops, I did it Again https://www.youtube.com/watch?v=i8SnLXwlBWM
  • 8. … and talking... DevOpsDays DC 2015 https://vimeo.com/137691444
  • 9. ...and talking some more... DevOops Redux - AppSec USA 2016 https://bit.ly/2qYe29y
  • 10. … still going... RSA Conference 2017 https://bit.ly/2HOZ0N4
  • 11. OKAY, WE GET IT ALREADY! (do you, though?) DevOops Redux - CERN 2017 & InsomniaHack 2017 https://cds.cern.ch/record/2256987
  • 12. So what has happened during this time? 2014 - Code Spaces
  • 13. … le sigh (horrorshow is right) 2015 - Systema Software
  • 14. Come on! 2016 - Datadog
  • 15. … surely it's getting better? Nope 2017 - Deep Root Analytics / America?
  • 16. This is why we drink 2018 - MBM Company, Tesla
  • 17. So what did we decide to do about it?
  • 18. Join the party of course :-)
  • 20. WeirdAAL ● WeirdAAL (AWS Attack Library) ● https://github.com/carnal0wnage/weirdAAL ● Python3 ● Relies heavily on boto3 library
  • 21. WeirdAAL Two Goals: 1. Answer what can I do with this AWS Keypair [blackbox] 2. Be a repository of useful functions (offensive & defensive) to interact with AWS services.
  • 22. WeirdAAL Prior work 1. CG’s aws_interrogate (vaporware) 2. https://github.com/dagrz/aws_pwn & his medium posts 3. https://github.com/bchew/dynamodump 4. https://github.com/ThreatResponse/aws_ir 5. https://github.com/nccgroup/Scout2 6. https://github.com/RhinoSecurityLabs/pacu [post | concurrent]
  • 23. Setup / Usage / Boto3 ● Supports boto3 and aws credentials format ○ Using boto3 allows us to natively support STS tokens ○ Put your creds in .env folder in WeirdAAL home
  • 24. Setup / Usage / Boto3 ● Targets ○ Passes a -t (target) value to track your work ○ Can have multiple AWS keys in a target ● Modules ○ Modules passed via -m to do various tasks ○ python3 weirdAAL.py -m dynamodb_list_tables -t demo ○ Coverage for many services but not all (so far) ■ EC2, Lambda, s3, dynamodb, iam, etc ● Built in proxy support via boto3
  • 25. Setup / Usage / Boto3 *New* we now list modules by cloud service
  • 26. What Can I Do With This AWS Key Pair? AWS offers no easy way (blackbox) If you have IAM you can look at running services manually or check billing. Tedious & No Fun (135 services in boto3 1.7.4)
  • 27. What Can I Do With This AWS Key Pair? Our solution, ask every service if we have permission to use it (recon_all)
  • 28. What Can I Do With This AWS Key Pair? Recon_all demo
  • 29. What Can I Do With This AWS Key Pair? Recon_all demo
  • 30. What Can I Do With This AWS Key Pair?
  • 31. What Can I Do With This AWS Key Pair? Recon_all demo (recap) Hit up every AWS service we can ask a **generic** question to ** required no args or specifics about that account Log to DB for use later and automation Todo: Evasion? Timing? Does anyone look or care?
  • 32. What Can I Do With This AWS Key Pair? Recon_all demo (gotchas) ● Root keys that have invalid billing info give you: “SubscriptionRequiredException” or “OptInRequired” boto3 errors ● Root keys that are in good standing give you everything available :-/
  • 34. What Can I Do With This AWS Key Pair? In previous talks, we discussed monitoring. Now we show you how to burn all that to the ground.
  • 35. What Can I Do With This AWS Key Pair? Starting with SNS… List topics
  • 36. What Can I Do With This AWS Key Pair? List subscribers to a topic
  • 37. What Can I Do With This AWS Key Pair? Or… just delete the Topic. Now nobody knows what you’re doing :-)
  • 38. What Can I Do With This AWS Key Pair? Config service has rules. You’ll see why cloudtrail is important
  • 39. What Can I Do With This AWS Key Pair? We can list the config rules of course (for every region):
  • 40. What Can I Do With This AWS Key Pair? But what about deleting rules? Yeah, we’ve got that too :-)
  • 41. What Can I Do With This AWS Key Pair? Or just delete the whole recording altogether - BEFORE
  • 42. What Can I Do With This AWS Key Pair? Let’s go ahead and just delete Config’s recorder altogether, shall we? First list them...
  • 43. What Can I Do With This AWS Key Pair? Now, delete it :-)
  • 44. What Can I Do With This AWS Key Pair? Welp, no more Config alerts… or Config at all, really
  • 45. What Can I Do With This AWS Key Pair? IAM_Pwn Found a key with IAM/Root? Let’s automate the takeover / make backdoor accounts
  • 46. What Can I Do With This AWS Key Pair? IAM_Pwn demo
  • 47. What Can I Do With This AWS Key Pair? IAM_Pwn demo - List users
  • 48. What Can I Do With This AWS Key Pair? IAM_Pwn demo - User details IAM console
  • 49. What Can I Do With This AWS Key Pair? IAM_Pwn demo - delete MFA device
  • 50. What Can I Do With This AWS Key Pair? IAM_Pwn demo - change console password
  • 51. What Can I Do With This AWS Key Pair? IAM_Pwn demo - create access/secret key
  • 52. What Can I Do With This AWS Key Pair? IAM_Pwn demo - delete access/secret key
  • 53. What Can I Do With This AWS Key Pair? IAM_Pwn demo - make backdoor account
  • 54. What Can I Do With This AWS Key Pair? IAM_Pwn (recap) Deleted 2FA Add console user / add new keys Backdoor admin user Hack all the thingz
  • 55. What Can I Do With This AWS Key Pair? IAM_Pwn (story time) Made backdoor account in pentest, proved lack of logging and policy enforcement
  • 56. What Can I Do With This AWS Key Pair? Logging / IR
  • 57. What Can I Do With This AWS Key Pair? Lambda - list_functions
  • 58. What Can I Do With This AWS Key Pair? Lambda - get_function
  • 59. What Can I Do With This AWS Key Pair? Thankfully, lambda serverless arch and KMS means no more creds in code right?
  • 60. What Can I Do With This AWS Key Pair? Nope :-)
  • 61. What Can I Do With This AWS Key Pair? Lambda http://boto3.readthedocs.io/en/latest/reference/services/lambda.html#Lambda.Client.update_function_code
  • 62. It’s cool I have cloudtrail configured….
  • 63. What Can I Do With This AWS Key Pair? Stop Cloudtrail logging (ref: https://danielgrzelak.com/disrupting-aws-logging-a42e437d6594) Identify existing CloudTrail trails
  • 64. What Can I Do With This AWS Key Pair? Stop Cloudtrail logging Use TrailARN to stop CloudTrail with stop_logging function
  • 65. What Can I Do With This AWS Key Pair? Delete Cloudtrail Trail Use TrailARN to stop CloudTrail with delete_trail function
  • 66. What Can I Do With This AWS Key Pair? Delete Cloudtrail Trail
  • 67. What Can I Do With This AWS Key Pair? Logging / IR
  • 68. What Can I Do With This AWS Key Pair? EC2 get_console_screenshot
  • 69. What Can I Do With This AWS Key Pair? EC2 get_console_screenshot
  • 70. What Can I Do With This AWS Key Pair? EC2 get_console_output
  • 71. What Can I Do With This AWS Key Pair? EC2 get_console_output
  • 72. What Can I Do With This AWS Key Pair? EC2 get_console_output_all
  • 73. What Can I Do With This AWS Key Pair? EC2 & Lucidcharts
  • 74. What Can I Do With This AWS Key Pair? EC2 & Lucidcharts
  • 75. What Can I Do With This AWS Key Pair? Just plain mean…. ec2_stop_instances
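Detection logic, added here as an example (it is not WeirdAAL's code), for the CloudTrail footprint of the slides above: the recon_all permission probing, the SNS/Config/CloudTrail tear-down, the IAM_Pwn MFA and key changes, the Lambda code swap, and ec2_stop_instances. It runs over constructed, abridged CloudTrail records; the eventSource/eventName values are real CloudTrail ones, the access key IDs and timestamps are made up.

```python
"""Detection for the CloudTrail footprint of the slide walk-through (recon_all
probing, SNS/Config/CloudTrail tear-down, IAM_Pwn, Lambda code swap, ec2_stop_instances)."""
import json
from collections import defaultdict
# (eventSource, eventName) pairs for the destructive and persistence calls in the talk.
TAMPER_EVENTS = {
    ("cloudtrail.amazonaws.com", "StopLogging"): "CloudTrail logging stopped",
    ("cloudtrail.amazonaws.com", "DeleteTrail"): "CloudTrail trail deleted",
    ("config.amazonaws.com", "DeleteConfigurationRecorder"): "Config recorder deleted",
    ("sns.amazonaws.com", "DeleteTopic"): "SNS alert topic deleted",
    ("iam.amazonaws.com", "DeactivateMFADevice"): "MFA removed from IAM user",
    ("iam.amazonaws.com", "CreateUser"): "new IAM user created",
    ("iam.amazonaws.com", "CreateAccessKey"): "new IAM access key created",
    ("lambda.amazonaws.com", "UpdateFunctionCode20150331v2"): "Lambda code replaced",
    ("ec2.amazonaws.com", "StopInstances"): "EC2 instances stopped",
}
RECON_THRESHOLD = 5  # distinct services refusing one key before we call it enumeration

# Constructed, abridged CloudTrail records (made-up keys and times): key ...0001 probes
# services recon_all-style, ...0002 tears down logging and adds a key, ...0003 is refused.
SAMPLE_LOG = """
{"eventTime":"2018-05-11T10:00:01Z","eventSource":"lambda.amazonaws.com","eventName":"ListFunctions20150331","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000001"},"errorCode":"AccessDenied"}
{"eventTime":"2018-05-11T10:00:02Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000001"},"errorCode":"Client.UnauthorizedOperation"}
{"eventTime":"2018-05-11T10:00:03Z","eventSource":"s3.amazonaws.com","eventName":"ListBuckets","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000001"}}
{"eventTime":"2018-05-11T10:00:04Z","eventSource":"iam.amazonaws.com","eventName":"ListUsers","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000001"},"errorCode":"AccessDenied"}
{"eventTime":"2018-05-11T10:00:05Z","eventSource":"sns.amazonaws.com","eventName":"ListTopics","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000001"},"errorCode":"AccessDenied"}
{"eventTime":"2018-05-11T10:00:06Z","eventSource":"cloudtrail.amazonaws.com","eventName":"DescribeTrails","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000001"},"errorCode":"AccessDenied"}
{"eventTime":"2018-05-11T11:30:01Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000002"}}
{"eventTime":"2018-05-11T11:30:02Z","eventSource":"cloudtrail.amazonaws.com","eventName":"DeleteTrail","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000002"}}
{"eventTime":"2018-05-11T11:30:03Z","eventSource":"iam.amazonaws.com","eventName":"DeactivateMFADevice","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000002"}}
{"eventTime":"2018-05-11T11:30:04Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000002"}}
{"eventTime":"2018-05-11T12:00:00Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000003"},"errorCode":"AccessDenied"}
"""

def parse_records(text):
    """One JSON object per non-empty line (a CloudTrail digest flattened to JSONL)."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def is_denied(record):
    """AccessDenied (most services) or Client.UnauthorizedOperation (EC2)."""
    return record.get("errorCode", "").endswith(("AccessDenied", "UnauthorizedOperation"))

def find_tampering(records):
    """Tear-down / takeover calls in record order, denied attempts included."""
    hits = []
    for r in records:
        what = TAMPER_EVENTS.get((r["eventSource"], r["eventName"]))
        if what:
            hits.append({"time": r["eventTime"], "key": r["userIdentity"]["accessKeyId"],
                         "what": what, "succeeded": not is_denied(r)})
    return hits

def find_permission_enumeration(records, threshold=RECON_THRESHOLD):
    """Keys refused by at least `threshold` distinct services: the recon_all signature."""
    denied = defaultdict(set)
    for r in records:
        if is_denied(r):
            denied[r["userIdentity"]["accessKeyId"]].add(r["eventSource"])
    return {key: sorted(svcs) for key, svcs in denied.items() if len(svcs) >= threshold}

if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print(find_tampering(recs))
    print(find_permission_enumeration(recs))
```

StopLogging and DeleteTrail are themselves written to the trail before it goes quiet, and CloudTrail event history keeps 90 days of management events even with no trail configured, so these are the events to alert on. Preventing the calls outright is an IAM or SCP explicit-deny job, not a detection one.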
  • 76. Useful Functions & Libs Grew tired of stackoverflowing everything Ideally, grab useful functions and throw together quick python script to knock out your task Uses libs for actions that need more control/finesse/data passed
  • 77. Example of a Module
  • 78. Useful Functions & Libs Used WeirdAAL at work to get public EC2 instances quickly so we can do external pentesting -impossible to know given the large range of AWS IP space
  • 79. Useful Functions & Libs Pydoc friendly (work in progress)
  • 80. WeirdAAL (AWS Awesome Attack Library) Now with GCP :-)
  • 81. WeirdAAL - GCP Third Goal: 3. Be a repository of useful functions (offensive & defensive) to interact with GCP services.
  • 82. WeirdAAL - GCP Documentation SUCKS Take in a service account keyfile (json) Brute force what services that keyfile has access to use libs/modules structure is/will be the same Currently a separate branch while we tidy it up https://github.com/carnal0wnage/weirdAAL/tree/gcp_testing
  • 83. WeirdAAL - GCP Does work though
  • 84. WeirdAAL - GCP Does work though
  • 88. Contact Info Chris Gates Slides Twitter: @carnal0wnage https://tinyurl.com/weirdAAL Ken Johnson Code: Twitter: @cktricky https://github.com/carnal0wnage/weirdAAL