Rob Ragan and Oscar Salazar Present at ACoD 2020

Date & Time: Thursday, January 16, 2020 at 3:30PM
Location: Trinity Hall, 311 E 5th St, Austin, TX 78701
Speaker: Rob Ragan and Oscar Salazar

Bishop Fox's Principal Researcher Rob Ragan and Principal Security Associate Oscar Salazar recently presented at Art Into Science. See details on their talk below.

[Slide from Rob Ragan's presentation illustrating the need to use different lenses to understand what is exposed on the internet in your cloud environment]

Download the Presentation

Expose Yourself: Without Insecurity

How do you find out what's on the internet in your cloud environments?


Smog Cloud

Find cloud assets that no one wants exposed.

AWS Patterns

These are the patterns of exposure URIs that you may find in your AWS accounts:

  s3            https://{user_provided}.s3.amazonaws.com
  cloudfront    https://{random_id}.cloudfront.net
  ec2           ec2-{ip-separated}.compute-1.amazonaws.com
  es            https://{user_provided}-{random_id}.{region}.es.amazonaws.com
  elb           http://{user_provided}-{random_id}.{region}.elb.amazonaws.com:80
                https://{user_provided}-{random_id}.{region}.elb.amazonaws.com:443
  elbv2         https://{user_provided}-{random_id}.{region}.elb.amazonaws.com
  rds           mysql://{user_provided}.{random_id}.{region}.rds.amazonaws.com:3306
                postgres://{user_provided}.{random_id}.{region}.rds.amazonaws.com:5432
  route 53      {user_provided}
  execute-api   https://{random_id}.execute-api.{region}.amazonaws.com/{user_provided}
  cloudsearch   https://doc-{user_provided}-{random_id}.{region}.cloudsearch.amazonaws.com
  transfer      sftp://s-{random_id}.server.transfer.{region}.amazonaws.com
  iot           mqtt://{random_id}.iot.{region}.amazonaws.com:8883
                https://{random_id}.iot.{region}.amazonaws.com:8443
                https://{random_id}.iot.{region}.amazonaws.com:443
  mq            https://b-{random_id}-{1,2}.mq.{region}.amazonaws.com:8162
                ssl://b-{random_id}-{1,2}.mq.{region}.amazonaws.com:61617
  kafka         b-{1,2,3,4}.{user_provided}.{random_id}.c{1,2}.kafka.{region}.amazonaws.com
                {user_provided}.{random_id}.c{1,2}.kafka.us-east-1.amazonaws.com
  cloud9        https://{random_id}.vfs.cloud9.{region}.amazonaws.com
  mediastore    https://{random_id}.data.mediastore.{region}.amazonaws.com
  kinesisvideo  https://{random_id}.kinesisvideo.{region}.amazonaws.com
  mediaconvert  https://{random_id}.mediaconvert.{region}.amazonaws.com
  mediapackage  https://{random_id}.mediapackage.{region}.amazonaws.com/in/v1/{random_id}/channel


ACoD Presentation Abstract:

Right now, at the click of a button, can you answer the question “What in my cloud environments is internet-facing?”

For most security teams the answer to this question would be a sigh and then “No.” We know that complexity is the enemy of security. We also know that a comprehensive asset inventory is step one of any security program. How can we practically make the dynamic changes occurring in every cloud account easier to monitor for unnecessary exposures?

In this presentation we will look at the most pragmatic ways to continuously monitor your cloud environments and operationalize that information to identify vulnerabilities, from the AWS Provable Security model and Access Analyzer to customized automation, and review the state of the art with the major cloud providers.

