[Other] Creating IAM credentials in AWS to deceive attackers

橡皮人 posted 7 days ago
Early Warning Detectors Using AWS Access Keys as Honeytokens

November 30, 2016 | Jen Andre | Komand Tech

Deception lures are all the rage these days, and when deployed properly they are extremely low overhead to maintain and trigger little to no false alarms. Honeytokens, closely related to honeypots, are ‘tripwires’ that you leave on machines and data stores as early warning indications of a breach. Using AWS IAM access keys, we can create nearly limitless honeytokens for attackers to stumble upon, and it’s easy and free!

Knowing that AWS IAM access keys are of high value to attackers, the idea is to leave valid (but permissionless) access keys as ‘lures’ on machines, GitHub repos, or anywhere really. When attackers breach a target, they will find these keys and attempt to use them. When such a key is used, you (the defender) know that some bad stuff is happening.

Using some of AWS’s features (such as CloudWatch and CloudTrail), I’ll show you how to build notifications when someone attempts to use these keys for any AWS API action (which will fail), triggering the alarm.
Step 1: Create AWS IAM Credentials with no permissions

Using IAM, either via the console or API, create a user account that has no permissions and generate one or more access keys. To be extra safe, you can do this on a ‘dummy’ AWS account that is completely separate from your normal infrastructure.

To reiterate, it’s important this account has no privileges, including no console privileges. It doesn’t need to! We can configure alerts on API failures, as described below.

Step 2: Set up CloudTrail & CloudWatch to notify on key usage

Now that you have your keys for your bogus account, it’s time to set up notifications in AWS when those keys are used. We'll use the built-in capabilities of CloudTrail (Amazon's audit trail logging system) and CloudWatch (its built-in monitoring/alert system) to accomplish this.

First things first: you need to record API events using CloudTrail. Nothing special here, the UI will configure it for you:

a451867365 posted 7 days ago
The bug-planet people are here, where's Professor Du?

破碎残渣 posted 7 days ago
Past one hundred, past two hundred, 橡皮人 really did it

xdagl posted 7 days ago
One day I will proudly say to you: get lost, I don't need you.

冯丹 posted 7 days ago
Ding-a-ling, ding-a-ling, OP open the door, I'm the delivery guy!

value918 posted 7 days ago
Following this!
