Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE....

29
Hacking the Cloud PENETRATION TESTING IN AZURE

Transcript of Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE....

Page 1: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Hacking the CloudPENETRATION TESTING IN AZURE

Page 2: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Agenda

• > whoami

• Why Red Team

• Attack Methodology

• Best Practices

Page 3: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Matt Burrough

Page 4: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

The Purpose of a Red Team

• Penetration Testers whose aim is to find security weaknesses before a real attacker can

• Best Friends/Archrivals of the Blue Team (Defenders)

• Often operate with “Assume Breach” mindset

• Exercises the detection and response capabilities of the security operations teams

• Complements existing security controls (code reviews, SDL, auditing)

Page 5: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Methodology

1. Establish Scope / Get Permission

2. Initial Reconnaissance

3. Gain Subscription Access

4. Cloud Service Exploitation & Pivot

Page 6: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

1. Scoping: A Hybrid Approach

Private Cloud

Public Cloud

CorporateNetwork

Page 7: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Permission

• https://security-forms.azure.com/penetration-testing

• https://security-forms.azure.com/penetration-testing/terms

https://security-forms.azure.com/penetration-testing
https://security-forms.azure.com/penetration-testing/terms
Page 8: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

2. Reconnaissance

• Intranet pages

• SharePoint

• GitHub / VSO

• LinkedIn

• Leaked Password Lists

• Nmap

• Nessus

Page 9: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

3. Gaining Access

• Phishing

• Leaked Credentials

• Stolen Credentials

• Two-Factor Authentication Bypass

Page 10: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Phishing

• Check Employee Readiness

• Validate Security Operations Response

Page 11: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.
Page 12: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Leaking Credentials

• Management Certificates

• .PublishSettings Files

• .Config Files

• Storage Account Keys

Page 13: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Management Certificates

Page 14: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

.PublishSettings Files

Page 15: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

.Config Files

Page 16: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Storage Account Keys

Page 17: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Stolen Credentials

• Password Lists

• Password Cracking

• Mimikatz

Page 18: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Password Lists

Page 19: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Password Cracking

• Dictionary

• Brute Force

Page 20: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Mimikatz

Page 21: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Two-Factor Bypass

• Service Accounts

• Piggy Backing

• Cookie Theft

Page 22: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Cookie Theft

Page 23: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

4. Cloud Service Exploitation / Pivoting

• Misconfigurations

• Firewall Rules / ACLs

• Security Monitoring

• Design Flaws

• Data Theft

• VHD Downloads

Page 24: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Firewall Rules & ACLs

Page 25: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Lack of Monitoring For Changes

• Adding User or Management Cert to Subscription

• Adding/removing a role to an RBAC user

Page 26: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Design Flaws

• Find vulnerabilities, exploit them.

Page 27: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

VHD Cloning

Page 28: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Best Practices

• Enable & use any security features available

• Enable 2FA

• Use alt-accounts and SAWs/PAWs

• Audit your logs regularly and alert on key events

• Separate DEV and PROD, Logging

• Least Privilege

Page 29: Hacking the Cloud - Cloud Security Alliance · Hacking the Cloud PENETRATION TESTING IN AZURE. Agenda •> whoami •Why Red Team •Attack Methodology •Best Practices. Matt Burrough.

Thanks!MAT T B UR R O UGHMAT T B URR @MICR OSOFT.COM@ MAT T B UR RO UGH


BlackHat Hacking - Hacking VoIP.

BlackHat Hacking - Hacking VoIP.

A Hacking Atlas: Holistic Hacking in the Urban Theater · 2018-12-05 · of hacking and holistic hacking, and hacking spaces (and seven types of hacking spaces, each described below)

A Hacking Atlas: Holistic Hacking in the Urban Theater · 2018-12-05 · of hacking and holistic hacking, and hacking spaces (and seven types of hacking spaces, each described below)

+ Diffusion of Innovations iPads in the Education by Kristy Burrough Picture taken from

+ Diffusion of Innovations iPads in the Education by Kristy Burrough Picture taken from

5 lukas ruf hacking in the cloud

5 lukas ruf hacking in the cloud

Hacking: Computer Hacking Beginners Guide

Hacking: Computer Hacking Beginners Guide

Hacking health-camp - Hacking Health

Hacking health-camp - Hacking Health

Hacking Rural Medicine - Hacking 101

Hacking Rural Medicine - Hacking 101

"Hacking" JIRA and Confluence Cloud Part 1 - Connect Your Apps - Travis Smith

"Hacking" JIRA and Confluence Cloud Part 1 - Connect Your Apps - Travis Smith

Hacking the Cloud - Active Directory Security – Active ... · PDF fileHacking the Cloud Gerald Steere ... Security Best Practices for Windows Azure Solutions - Download Center ...

Hacking the Cloud - Active Directory Security – Active ... · PDF fileHacking the Cloud Gerald Steere ... Security Best Practices for Windows Azure Solutions - Download Center ...

Hacking and Civic Hacking

Hacking and Civic Hacking

Hacking the Cloud - adsecurity.org

Hacking the Cloud - adsecurity.org

Hacking The Cloud(s) - EXFiLTRATEDexfiltrated.com/research/HackingTheClouds.pdf · 2018-03-21 · Cloud Translation •For many “tasks”, the cloud is no different than traditional

Hacking The Cloud(s) - EXFiLTRATEDexfiltrated.com/research/HackingTheClouds.pdf · 2018-03-21 · Cloud Translation •For many “tasks”, the cloud is no different than traditional

Growth Hacking - Cloud Object Storage | Store & Retrieve ... · The Growth Hacking Funnel This is the growth hacking funnel. It represents the major stages of the user lifecycle for

Growth Hacking - Cloud Object Storage | Store & Retrieve ... · The Growth Hacking Funnel This is the growth hacking funnel. It represents the major stages of the user lifecycle for

HACKING AUTHENTICATION CHECKS IN WEB … · INDEX •Hacking Authentication Checks in Web Applications Hacking Application Designs Hacking J2EE Container Managed Authentication Hacking

HACKING AUTHENTICATION CHECKS IN WEB … · INDEX •Hacking Authentication Checks in Web Applications Hacking Application Designs Hacking J2EE Container Managed Authentication Hacking

Cloud Security @ TIM · Cloud Security @ TIM ... Building a secure cloud for hosting Enterprise SAAS is a TOP Priority . 5 ... • Hands on Hacking Web Application (HOH)

Cloud Security @ TIM · Cloud Security @ TIM ... Building a secure cloud for hosting Enterprise SAAS is a TOP Priority . 5 ... • Hands on Hacking Web Application (HOH)

Hacking( Full hacking guide for beginners)

Hacking( Full hacking guide for beginners)

A Hacking Atlas: Holistic Hacking in the Urban Theater€¦ · of hacking and holistic hacking, and hacking spaces (and seven types of hacking spaces, each described below) are introduced

A Hacking Atlas: Holistic Hacking in the Urban Theater€¦ · of hacking and holistic hacking, and hacking spaces (and seven types of hacking spaces, each described below) are introduced

Hacking the Cloud - DEF CON CON 25/DEF CON 25 presentations/DEF… · Hacking the Cloud Gerald Steere ... Currency exchange –what do I do with all these hashes? ... Attacking Azure,

Hacking the Cloud - DEF CON CON 25/DEF CON 25 presentations/DEF… · Hacking the Cloud Gerald Steere ... Currency exchange –what do I do with all these hashes? ... Attacking Azure,

"Hacking" JIRA and Confluence Cloud Part 2 - Build Your Own - Luke Kilpatrick

"Hacking" JIRA and Confluence Cloud Part 2 - Build Your Own - Luke Kilpatrick

Hacking cloud computing adoption

Hacking cloud computing adoption