401 Reading 16 - marsecguy/reading-notes-cyberops GitHub Wiki

Cloud Security/AWS Breach Case Study

  1. What were the three commands used for the attack?

    • Get Credentials <{ AccessKeyId:"", SecretAccessKey:"", }>
    • List Buckets
    • Download Files
  2. What misconfiguration of AWS components allowed the attacker to access sensitive data?

    • Excessive permissions on the IAM role, which allowed the attacker to escalate their role/privileges
  3. What are two of the AWS Governance practices that could have prevented such an attack?

    • Review roles and access paths to reduce scope
    • Close and delete old, unused instances
    • Don't permit IAM roles to allow adding/replacing other roles

Source: Zscaler
