Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Blackhat Europe17 - Cloud Security Suite
1. Cloud Security Suite
One stop tool for AWS security audit
https://github.com/SecurityFTW/cs-suite
Jayesh Singh Chauhan
2. whoami
• Senior security engineer
• Conferences - c0c0n 2013, 2015, 2017 GES 2014 and Ground
Zero 2015
• Open Source
• OWASP Skanda
• RFID_Cloner
• CSRF PoC generator
• Researcher at heart
3. Why AWS Audit?
• Misconfigured Access (IAM, root, password policy)
• Vulnerable services in use
• Public Access (Ports)
• Exposed Data (S3)
• And many more..
4. How
• Third Party Audit
• You get a third party to do your dirty work
• Lot of money involved
• Giving access to the infrastructure
5. How…
• Open Source tools
• Scout2
• Prowler
• Lunar
• Local Auditing tools
• Other scripts on github and bitbucket
7. Cloud Security Suite
• Takes the “open source setup” pain away from you.
• Compiles all the audit checks
• Extra audit checks added
• Runs all in one go
• Centralized portable reports
• Also, does local audit of the instances
9. Local Audit
• IP based auditing
• Runs the audit on the remote machine
• Report copied back to main machine
• Portable HTML report
• Region independent Audit, in case of public IP