If you are the kind of crazy that we are at Plerion, and you’ve decided to build a product that integrates with AWS Security Hub, this blog post is for the 93 of you.
AWS security research can feel impenetrable so here is a guide to get you started.
You’re eager to get to the data theft? What about that whole cyber kill chain thing: installation, command & control, actions on objectives? What if someone is watching?
Your instinct is probably to type “whoami” and luckily AWS has an equivalent – aws sts get-caller-identity. It won’t give you much but it will start painting the picture.
Maintaining persistence in AWS is only limited by your imagination, but there are a few obvious and oft-used techniques everyone should know and watch for.
GitHub supports roles instead of credentials for integrating CI/CD with AWS. It’s easy to misconfigure, so let’s show the impact.