Last active
September 26, 2022 06:00
-
-
Save carnal0wnage/ed9e4c10e065bd00e21e2af67301e9d9 to your computer and use it in GitHub Desktop.
Links from Chris Gates/Ken Johnson DevOOPS RSA 17 presentation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RSA 2017 DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links SessionID: HTA-W02 | |
| https://www.slideshare.net/chrisgates/devoops-attacks-and-defenses-for-devops-toolchains | |
| Recording of talk from CERN | |
| https://indico.cern.ch/event/622483/ (click the recording button) | |
| Past talks: | |
| http://www.slideshare.net/KenJohnson61/aws-surival-guide | |
| [Ken Johnson earlier talk on AWS security, dedicated to using these services (cloudwatch/config/cloudtrail)] | |
| https://www.youtube.com/watch?v=g-wy9NdATtA&feature=youtu.be | |
| Chris Gates & Ken Johnson - DevOops: Redux - AppSecUSA 2016 | |
| https://www.youtube.com/watch?v=VMyp74ct2H0 | |
| [nVisium Blog] | |
| https://nvisium.com/blog/ | |
| [Chris Gates Blog] | |
| http://carnal0wnage.attackresearch.com | |
| [In the news examples] | |
| https://www.quora.com/My-AWS-account-was-hacked-and-I-have-a-50-000-bill-how-can-I-reduce-the-amount-I-need-to-pay | |
| https://medium.com/how-i-learned-ruby-rails/how-to-get-robbed-by-insecure-practices-8a1118fe3d7f#.9o81eqare | |
| http://www.theregister.co.uk/2015/01/06/dev_blunder_shows_github_crawling_with_keyslurping_bots/ | |
| http://searchaws.techtarget.com/news/2240223024/Code-Spaces-goes-dark-after-AWS-cloud-security-hack | |
| https://www.databreaches.net/dozens-of-clinics-thousands-of-patients-impacted-by-third-party-data-leak/ | |
| https://mackeeper.com/blog/post/275-30-breaches-in-one | |
| http://www.techrepublic.com/article/massive-ransomware-attack-takes-out-27000-mongodb-servers/ | |
| http://www.pcworld.com/article/3157417/security/after-mongodb-ransomware-groups-hit-exposed-elasticsearch-clusters.html | |
| [Slack Logs] | |
| https://api.slack.com/methods/team.accessLogs | |
| https://github.com/maus-/slack-auditor | |
| [GitRob] | |
| https://github.com/michenriksen/gitrob | |
| [TruffleHog] | |
| https://github.com/dxa4481/truffleHog | |
| [GitMonitor] | |
| https://gitmonitor.com/ | |
| [Open Source Tools for monitoring pastebin*] | |
| https://github.com/jordan-wright/dumpmon | |
| https://github.com/xme/pastemon | |
| https://github.com/cvandeplas/pystemon | |
| [osquery] | |
| https://osquery.io/ | |
| [Doorman] | |
| https://github.com/mwielgoszewski/doorman | |
| [BlockBlock] | |
| https://objective-see.com/products/blockblock.html | |
| [Little Snitch] | |
| https://www.obdev.at/products/littlesnitch/index.html | |
| [CarbonBlack] | |
| https://www.carbonblack.com/ | |
| [StreamAlert] | |
| https://github.com/airbnb/streamalert | |
| Patch Management | |
| [Simian] | |
| https://github.com/google/simian | |
| [Munki] | |
| https://www.munki.org/munki/ | |
| [Jenkins] | |
| https://wiki.jenkins-ci.org/display/SECURITY/Home | |
| https://www.pentestgeek.com/2014/06/13/hacking-jenkins-servers-with-no-password/ | |
| http://www.labofapenetrationtester.com/2014/06/hacking-jenkins-servers.html | |
| http://zeroknock.blogspot.com/search/label/Hacking%20Jenkins | |
| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jenkins_script_console.rb | |
| [ElasticSearch] | |
| http://carnal0wnage.attackresearch.com/2017/01/devooops-elasticsearch.html | |
| In-Memory Databases | |
| [Redis] | |
| https://redis.io/topics/security | |
| http://antirez.com/news/96 | |
| http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/ | |
| https://gist.github.com/lokielse/d4e62ae1bb2d5da50ec04aadccc6edf1 | |
| [Memcache] | |
| http://www.slideshare.net/wallarm/us-14novikovthenewpageofinjectionsbookmemcachedinjectionswp | |
| http://infiltrate.tumblr.com/post/38565427/hacking-memcache | |
| http://www.darkcoding.net/software/memcached-list-all-keys/ | |
| https://5mins.wordpress.com/2011/04/25/plaidctf-django-challenge-writeup-web-300/ | |
| http://www.slideshare.net/sensepost/cache-on-delivery | |
| http://blog.couchbase.com/memcached-go-derper-black-hat-and-amazon-web-services-aws-security-bulletin | |
| https://lincolnloop.com/blog/playing-pickle-security/ | |
| https://www.sensepost.com/blog/2010/playing-with-python-pickle-%231/ | |
| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/memcached_extractor.rb | |
| Big Data | |
| [Hadoop] | |
| http://archive.hack.lu/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf | |
| https://hadoopecosystemtable.github.io/ | |
| [Vagrant] | |
| http://carnal0wnage.attackresearch.com/2017/01/devooops-client-provisioning-vagrant.html | |
| [Docker] | |
| https://zeltser.com/security-risks-and-benefits-of-docker-application/ | |
| https://blog.docker.com/2014/06/docker-container-breakout-proof-of-concept-exploit/ | |
| http://www.slideshare.net/jpetazzo/linux-containers-lxc-docker-and-security | |
| https://www.blackhat.com/docs/eu-15/materials/eu-15-Bettini-Vulnerability-Exploitation-In-Docker-Container-Environments-wp.pdf | |
| https://www.sumologic.com/blog-security/securing-docker-containers/ | |
| https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2016/april/ncc_group_understanding_hardening_linux_containers-10pdf/ | |
| [Shipyard] | |
| https://github.com/shipyard/shipyard | |
| [AWS - Vulnerable Webapps] | |
| https://www.blackhat.com/docs/us-14/materials/us-14-Riancho-Pivoting-In-Amazon-Clouds-WP.pdf | |
| https://andresriancho.github.io/nimbostratus/ | |
| [Review S3 buckets to determine security policy] | |
| https://gist.github.com/cktricky/faf0f40116e535a055b7412458136917 | |
| [Ken Johnson earlier talk on AWS security, dedicated to using these services (cloudwatch/config/cloudtrail)] | |
| https://www.youtube.com/watch?v=g-wy9NdATtA&feature=youtu.be | |
| [Tool to list the monitoring services configuration] | |
| CloudWatch / CloudTrail / Config | |
| https://gist.github.com/cktricky/f19e8d55ea5dcb1fdade6ede588c6576 | |
| [Review “Well Architected Framework” from AWS which discuss monitoring and other controls] | |
| http://d0.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf | |
| [Tool to inspect each user’s permissions] | |
| https://gist.github.com/cktricky/257990df2f36aa3a01a8809777d49f5d | |
| [If you’re using something like Paperclip + Rails, try Fog to leverage Roles] | |
| https://github.com/thoughtbot/paperclip/issues/1591 | |
| [Backdooring AWS accounts] | |
| https://danielgrzelak.com/backdooring-an-aws-account-da007d36f8f9#.e341mt8zn | |
| https://danielgrzelak.com/exploring-an-aws-account-after-pwning-it-ff629c2aae39#.7198xyt30 | |
| https://danielgrzelak.com/disrupting-aws-logging-a42e437d6594#.nb8s0ser4 | |
| [Gone in 60 Milliseconds - Intrusion and Exfiltration in Server-less Architectures ] | |
| https://www.youtube.com/watch?v=YZ058hmLuv0 | |
| [Scout 2 AWS Auditing] | |
| https://github.com/nccgroup/Scout2 | |
https://www.slideshare.net/chrisgates/devoops-attacks-and-defenses-for-devops-toolchains seems to be working now
@carnal0wnage in your slides you mention the repository https://github.com/carnal0wnage/aws-interrogate, but it doesn't seem to exist and be public. Any way you could share it?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
the link to the RSA slide deck is not working, have you not yet uploaded them to SlideShare?
Thanks for a great talk.