UGOTAG | Videos with Chapter Markers  
  

Episode Markers
  • 01:56
     
    #red teaming Azure   
    we're just talking about red teaming Azure environments
  • 02:27
     
    #Homeland    #NSA    #Bryce Kunz Speaker BIO   
    I used to work at Homeland. I worked in their security operations center and I've led a bunch of their defensive hunting down APTs in the network trying to get them out for quite a few years and then I worked at NSA and I was doing mostly offensive work which is really more of my passion kind of been you know involved in hacking and hacking scene since I was really young. So yeah so and then I worked at inside their experienced cloud business.
    Bryce Kunz Speaker BIO
  • 03:20
     
    #red teaming    #AWS    #Azure   
    you guys want the slides you know happy to share those so so now I am actually the president of stage 2 security so we do a lot of red teaming against AWS environments and also some Azure environments
  • 04:18
     
    #portal portion    #control plane    #data    #IaaS overview   
    Right so so the way that I generally break up cloud is into three segments regardless the provider. You have kind of the portal portion and that's what you is kind of the customer of the cloud sees and interact with. Then you have this kind of control plane which is a lot of the APIs and some of those are exposed to you as a user of the cloud and some are kind of just internal use only. Then the data is kind of where all your data or VMs reside.
    IaaS overview
  • 06:33
     
    #Jenkins    #dev pipeline in IaaS   
    Jenkins and other CI type tools deployment type tools all right those kind of build your pipeline and those usually customize for each organization and then lastly
    dev pipeline in IaaS
  • 07:37
     
    #seen half a million dollars   
    I've personally seen half a million dollars in bills racked up so the
  • 07:46
     
    #IaaS compromise example   
    There was a group and they got access to companies root AWS keys which generally you're not supposed to use because it's really hard to rotate or do anything. They basically sent ransom like said pay us money or we're going to destroy your infrastructure and they kind of thought they were joking and no they went in and all their backups were also an ad about so they deleted all their backups and they deleted all their via and destroyed the entire company that went out of business overnight.
    IaaS compromise example
  • 08:56
     
    #Google dork    #IaaS keys in pastebin/github   
    so I give you literally take that Google dork and search for it.
    IaaS keys in pastebin/github
  • 10:07
     
    #hacking Jenkins   
    Against the pipeline which there's been a lot of talks about hacking Jenkins and other services like that
  • 10:50
     
    #SaaS-IaaS macro attack   
    Potentially sending macros in and waiting for people to run them.
    SaaS-IaaS macro attack
  • 11:20
     
    #SaaS-IaaS map of pwnage   
    SaaS-IaaS map of pwnage
  • 11:40
     
    #Azure Storage   
    Azure Storage
  • 13:35
     
    #gobuster   
    gobuster directory and DNS brute forcing tool.
  • 16:04
     
    #nimbusland   
    nimbusland to determine if an IP is AWS or Azure.
  • 16:32
     
    #lolruslove web spider   
    lolruslove web spider for AWS buckets and Azure blobs.
  • 18:34
     
    #.NET apps   
    Developers are coding they're like .NET apps you'll find the web.config file and if that's integrated with Azure it will also contain like kind of either as SAS your URL URI or a like access token.
  • 18:37
     
    #Azure    #SAS    #URI   
    apps you'll find the web config file and if that's integrated with Azure it will also contain like kind of either as SAS your URL URI or a like access token which you can use to access the storage
  • 23:30
     
    #PowerShell    #Endpoint compromise stepping stone   
    Get access to admin or dev boxes oftentimes they'll set up this PowerShell CLI special which allow them to interface with that Azure that the control plane and throughout the services so you know a lot of times
    Endpoint compromise stepping stone
  • 25:47
     
    #IaaS Blue team   
    I'd usually just do az account show and that's kind of your whoami equivalent right because a lot of times when you're pulling these creds off the box you're actually not really sure who they belong to. So this kind of helps you out. On the flip side I mean maybe you want to monitor for that on the Azure side.
    IaaS Blue team
  • 26:08
     
    #Expand Access in IaaS   
    Expand Access in IaaS
  • 29:08
     
    #Azure Capture Image   
    Azure Capture Image
  • 29:39
     
    #Linux persistence   
    Oftentimes I'll just add an SSH key right. Because you can attend multiple SSH keys and two if they're using that to authenticate to a Linux server and then you can boot back up the VM. But in Azure land generally you have to kind of destroy a lot of the configuration data.
    Linux persistence
  • 30:22
     
    #VM   
    agent will load up which will then let you to execute more commands so you can also use those to run custom scripts like the command here will download a script off github and then run it inside a VM
  • 30:45
     
    #IaaS persistence   
    IaaS persistence
  • 33:22
     
    #persistence via agents in Azure   
    that probably a little crazy like probably really shouldn't use it on a red team engagement but it does work so the agent that you have installed by default on mo
    persistence via agents in Azure
  • 36:26
     
    #Python debugger    #pyrasite   
    The Python debugger to kind of get ya to figure out what how the code is working right and step through it. There's another project called pyrasite which is really cool but you do have to install some dependencies on the box nothing crazy but like you have to have gdb working and a couple other things. pyrasite's cool because you know the Python debugger you start the process and then you step through kind of line by line right but pyrasite will actually inject your debugger into an already existing running process.
  • 44:58
     
    #HubbleStack    #SaltStack   
    HubbleStack implementation and how many of you raise the hands have heard of Salt before or SaltStack yeah so all HubbleStack is is like extension to Salt so if you already have your Salt minions deployed then you implement Hubble on top of that and it uses that Salt infrastructure to kind of do all these security functions on your targets so and it's kind of designed from the ground up to send data back to like a Splunk or ELK type infrastructure.
  • 50:24
     
    #Mitigations   
    Mitigations

BSides Nashville 2018 Red 00 Blue Cloud of Death Red Teaming Azure Bryce Kunz

Hacking AWS, Azure and IaaS infrastructure from BSides Nashville.






Community tags: computer_security