Useful AWS Tools and Links

This week our topic is going to be AWS.  Amazon Web Services (AWS) was the leading cloud service provider in Q3 2020, increasing its share of total spend from last quarter to 32%. Working with several local and global organizations using AWS, we keep learning more and more about the platform and enrich our knowledge to stay on top of the most recent learnings and insights.

 

Here’s a great group of tools and resources to learn from:

First up, we’ve got Offensive Terraform Modules - a collection of automated offensive attack modules defined as Infrastructure as Code (IaC). My favorite one is "Cross Account Persistence". For more information and new attack vectors, why not set up a virtual coffee date with our CTO and co-founder Or Azarzar.

image-wb63a

 

Next up is Anatomy of AWS Lambda - Lambda internals is super important for offensive, defensive, and R&D purposes.

image-c63c5

 

Then there’s serverless.com - Following recommendation No. 2, I personally believe that reading about a topic is not enough, you need to practice! Using the Serverless framework, it is super easy to develop a serverless architecture and better understand the Lambda internals. I dare you to develop a vulnerable architecture and share an exploitation tutorial with us. Are you up to the challenge??

image-h3b38

 

And for now, the last one is aws-s3-virusscan - It can be useful especially for public buckets, with improper permissions ofA R/W.

image-wa748

 

-----------------------------------

About Lightspin

Lightspin’s contextual cloud security platform protects native, Kubernetes, and microservices from known and unknown risks. Using predictive graph-based technology, Lightspin empowers cloud and security teams to eliminate risks by proactively blocking all attack paths while maximizing productivity by dramatically reducing and prioritizing security alerts, to cut down remediation time.

For more information, visit: https://www.lightspin.io/

Comments