Cloudy with a Chance of Breaches: OSINT Adventures in Tracing Exposed Credentials
SANS Blue Team Summit 2023
Speaker: Matt Edmondson, Principal Instructor
Cloud breaches due to stolen credentials have become an increasingly prevalent issue in today's digital landscape. With organizations rapidly adopting cloud technologies, understanding the origin of these breaches is crucial for proactive cybersecurity measures. This talk will delve into the practical application of Open Source Intelligence (OSINT) methodologies to investigate the source of cloud breaches resulting from stolen credentials. In this talk, we will discuss the role of OSINT in cloud security and highlight various tools and techniques that can be employed to find the source of exposed credentials and rule out other possible compromise paths. We will then provide a detailed walk-through of a real-world case study involving a compromised AWS S3 bucket hosting a CMS website, demonstrating how OSINT can be effectively used to trace the source of a cloud breach.
Attendees will learn how to:
- Investigate AWS CloudTrail logs and identify an attacker's access key.
- Analyze GitHub repositories for accidental exposure of sensitive information.
- Perform a simple vulnerability scan of a CMS website to identify potential entry points.
- Utilize OSINT techniques to gather valuable information about the attacker's identity, tools, and tactics.
- Organize and correlate data gathered during investigation to uncover the most likely origin of the exposed credentials.
By learning from our real-world example, attendees will gain valuable insights into how to effectively investigate, respond to, and prevent similar security breaches in their own environments. Join us to explore the fascinating world of digital forensics and OSINT, and enhance your security skillset in the ever-evolving landscape of cloud technologies.