This past weekend I spoke at BSides Nashville - Get outta my host and into my cloud: A primer for offensive operations in AWS. This talk was similar to my talk last year on Incident Response in AWS at BSides Atlanta. The intent was not to teach pentesting or red teaming, but rather helping to spread cloud knowledge to those who do that on a daily basis.
I deliberately published an Access Key and Secrets. Here’s what happened.
There is no canonical way to use Terraform in CodeBuild, with CodePipeline as the method to review plans before applying them. This post defines a Cloudformation template and the buildspec files needed to create a CodePipeline that runs terraform plan, allows a human to review it, then runs terraform apply.
With ChatGPT being all the rage, I decided to see if she (it?) could write my next blog post for me. I’d already written all the Steampipe queries and determined the security value behind the blog post. I just didn’t feel like writing it.
The post’s topic was on enumerating your network-plane cloud perimeter.
My third annual pre:Invent roundup is posted over on Steampipe’s blog. You can also check out 2021 and 2020 if you’re so inclined.
Back in 2018, I wrote a semi-serious post on what you as a security practitioner should be looking for as it relates to re:Invent announcements.
There were a few hot-takes that didn’t warrant mention on my work post, so I’ll include them here for your general amusement.
It’s pre:Invent 2022, the time of year AWS releases a bunch of new products and features that aren’t big enough to make it on the keynote state of re:Invent. One of my long-awaited features was released last night: CloudFormation support for AWS Organizations!
Before this release, the management of Service Control Policies, Organizational Units, and AWS Accounts was either artisanal or via third-party tools like org-formation. I can finally manage my AWS Organization using the same IaC as I manage the accounts in that organization.
My latest post at Steampipe.io is Enrich Splunk events with Steampipe . This was a fun one to write because it was a culmination on my recent IR work at BSides Atlanta and BSides Augusta.
I’ve written some crazy contraptions to get this stuff into Splunk, and I’ve got to say, Steampipe made it super easy.
I got a bug to tell everyone about the sessions I’m looking forward to at re:Invent this year. Check it out.
At BSides Atlanta today I gave a talk on how to handle an incident in AWS. The talk and this post is intended to help those already familiar with the principles of Incident Response to understand what to do when the incident involves the AWS Control Plane. You can find the Slides here.
A cheerful ghost of cloud security yet to come. I’ll talk about where CloudSec really needs to focus - on the pipeline and ultimately on the cloud developer or engineer. Finally, I’ll close out with a one-year roadmap for how I’d build a third (fourth) program if I’m crazy enough to do this again at my next job.
