Presented at BlackHat Europe Arsenal 2017

1. Cloud Security Suite
One stop tool for AWS security audit
https://github.com/SecurityFTW/cs-suite
Jayesh Singh Chauhan

2. whoami
• Senior security engineer
• Conferences - c0c0n 2013, 2015, 2017 GES 2014 and Ground
Zero 2015
• Open Source
• OWASP Skanda
• RFID_Cloner
• CSRF PoC generator
• Researcher at heart

3. Why AWS Audit?
• Misconfigured Access (IAM, root, password policy)
• Vulnerable services in use
• Public Access (Ports)
• Exposed Data (S3)
• And many more..

4. How
• Third Party Audit
• You get a third party to do your dirty work
• Lot of money involved
• Giving access to the infrastructure

5. How…
• Open Source tools
• Scout2
• Prowler
• Lunar
• Local Auditing tools
• Other scripts on github and bitbucket

6. Cloud Security Suite

7. Cloud Security Suite
• Takes the “open source setup” pain away from you.
• Compiles all the audit checks
• Extra audit checks added
• Runs all in one go
• Centralized portable reports
• Also, does local audit of the instances

8. Demo – AWS Audit

9. Local Audit
• IP based auditing
• Runs the audit on the remote machine
• Report copied back to main machine
• Portable HTML report
• Region independent Audit, in case of public IP

10. Demo – Local Audit (linux)

11. Demo – Local Audit (Windows)

12. References
• https://github.com/nccgroup/Scout2
• https://github.com/Alfresco/prowler
• https://aws.amazon.com/security/
• https://github.com/CISOfy/lynis
• https://github.com/alanrenouf/Windows-Workstation-and-
Server-Audit

13. Feedback / Suggestions / Queries ?
@jayeshsch chauhansjayesh@gmail.com https://github.com/jayeshchauhan