In November 2018, I attended the AWS re:Invent Conference in Las Vegas. It’s a great conference for those of you interested in AWS. It can be a bit overwhelming, but if you narrow your focus to the seminars that really interest you, it will be worth your while. Who cares about the swag and parties?! 🙂

One seminar I attended was Red vs Blue Team, held at The Venetian Conference Center. The presenters were Teri Radichel, CEO of 2nd Sight Lab, and Kolby Allen of Zipwhip.

The gist of this particular seminar was to show how it’s possible to gain serious access to your AWS credentials and data. It was fascinating to see how easily this could take place. In the fast-paced race to the Cloud, it’s not far-fetched at all that this could happen. So many configurations are left vanilla, as pressure is placed on Teams to deliver by yesterday. Teri Radichel showed in quick order what little effort it took to gather credentials from an end user with read privileges. Since AWS credentials are stored locally for the user (in plain text), this was her promising start. You could parlay those credentials into running queries against the VPC environment to help you map out the lay of the land. Later on, she was able to grab database credentials, since the db passwords were stored in a text file. This doesn’t happen in the real world! I know developers never keep credential information in their code these days, right?!

The cool thing is, she demonstrated how to leverage tools/AWS Lambda functions within the cloud to exploit weaknesses at the targeted VPC. This was all without using the more powerful exploit tools out in the wild these days.

Fret not, the Blue Team (Kolby) was there to save the day! He shared advice on ways to mitigate these exploits. Multi-Factor Auth and IAM were important first steps.

The Code Spaces catastrophe was mentioned as a catalyst for making VPCs more secure. All the security in the world won’t help if the threat comes from the inside. Separation of Services and Offsite backups are your Bros.

I have a link to the actual seminar if you would like more detail on how Teri Radichel executed her exploits:

If you want to learn more about Code Spaces:

https://www.csoonline.com/article/2365062/disaster-recovery/code-spaces-forced-to-close-its-doors-after-security-incident.html