Top Banner
Hacking the Cloud PENETRATION TESTING IN AZURE
29

Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Apr 01, 2020

Download

Documents

dariahiddleston
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Hacking the CloudPENETRATION TESTING IN AZURE

Page 2: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Agenda

• > whoami

• Why Red Team

• Attack Methodology

• Best Practices

Page 3: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Matt Burrough

Page 4: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

The Purpose of a Red Team

• Penetration Testers whose aim is to find security weaknesses before a real attacker can

• Best Friends/Archrivals of the Blue Team (Defenders)

• Often operate with “Assume Breach” mindset

• Exercises the detection and response capabilities of the security operations teams

• Complements existing security controls (code reviews, SDL, auditing)

Page 5: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Methodology

1. Establish Scope / Get Permission

2. Initial Reconnaissance

3. Gain Subscription Access

4. Cloud Service Exploitation & Pivot

Page 6: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

1. Scoping: A Hybrid Approach

Private Cloud

Public Cloud

CorporateNetwork

Page 7: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Permission

• https://security-forms.azure.com/penetration-testing

• https://security-forms.azure.com/penetration-testing/terms

https://security-forms.azure.com/penetration-testing
https://security-forms.azure.com/penetration-testing/terms
Page 8: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

2. Reconnaissance

• Intranet pages

• SharePoint

• GitHub / VSO

• LinkedIn

• Leaked Password Lists

• Nmap

• Nessus

Page 9: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

3. Gaining Access

• Phishing

• Leaked Credentials

• Stolen Credentials

• Two-Factor Authentication Bypass

Page 10: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Phishing

• Check Employee Readiness

• Validate Security Operations Response

Page 11: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.
Page 12: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Leaking Credentials

• Management Certificates

• .PublishSettings Files

• .Config Files

• Storage Account Keys

Page 13: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Management Certificates

Page 14: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

.PublishSettings Files

Page 15: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

.Config Files

Page 16: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Storage Account Keys

Page 17: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Stolen Credentials

• Password Lists

• Password Cracking

• Mimikatz

Page 18: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Password Lists

Page 19: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Password Cracking

• Dictionary

• Brute Force

Page 20: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Mimikatz

Page 21: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Two-Factor Bypass

• Service Accounts

• Piggy Backing

• Cookie Theft

Page 22: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Cookie Theft

Page 23: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

4. Cloud Service Exploitation / Pivoting

• Misconfigurations

• Firewall Rules / ACLs

• Security Monitoring

• Design Flaws

• Data Theft

• VHD Downloads

Page 24: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Firewall Rules & ACLs

Page 25: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Lack of Monitoring For Changes

• Adding User or Management Cert to Subscription

• Adding/removing a role to an RBAC user

Page 26: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Design Flaws

• Find vulnerabilities, exploit them.

Page 27: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

VHD Cloning

Page 28: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Best Practices

• Enable & use any security features available

• Enable 2FA

• Use alt-accounts and SAWs/PAWs

• Audit your logs regularly and alert on key events

• Separate DEV and PROD, Logging

• Least Privilege

Page 29: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Thanks!MAT T B UR R O UGHMAT T B URR @MICR OSOFT.COM@ MAT T B UR RO UGH


Related Documents
Cloud Security @ TIM · Cloud Security @ TIM ... Building a secure cloud for hosting Enterprise SAAS is a TOP Priority . 5 ... • Hands on Hacking Web Application (HOH)

Cloud Security @ TIM · Cloud Security @ TIM ... Building a...

Category: Documents
GOOGLE HACKING GOOGLE HACKING

GOOGLE HACKING GOOGLE HACKING

Category: Documents
Ethical Hacking and Countermeasures - Varutra · Hacking Concepts o Hacking vs. Ethical Hacking o Effects of Hacking on Business o Who Is a Hacker? o Hacker Classes ... Ethical Hacking

Ethical Hacking and Countermeasures - Varutra · Hacking...

Category: Documents
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery

CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery

Category: Technology
Burrough 1981

Burrough 1981

Category: Documents
Objets connectés, dev, hacking et cloud

Objets connectés, dev, hacking et cloud

Category: Technology
Hacking health-camp - Hacking Health

Hacking health-camp - Hacking Health

Category: Government & Nonprofit
Hacking Citrix Cloud Server

Hacking Citrix Cloud Server

Category: Technology
Hacking the Cloud - adsecurity.org

Hacking the Cloud - adsecurity.org

Category: Documents
Hacking: Computer Hacking Beginners Guide

Hacking: Computer Hacking Beginners Guide

Category: Documents
+ Diffusion of Innovations iPads in the Education by Kristy Burrough Picture taken from

+ Diffusion of Innovations iPads in the Education by Kristy....

Category: Documents
Hacking Rapidshare Complete Hacking Process

Hacking Rapidshare Complete Hacking Process

Category: Documents