Download - Penetration testing the cloud - vlad gostom
![Page 1: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/1.jpg)
演讲题目
Penetrat ion Test ing the
Cloud
![Page 2: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/2.jpg)
Thank You
• Cloud Connect China
• Sponsors
• Department 83
• Peoples Republic of China
![Page 3: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/3.jpg)
Background
• Vlad Gostomelsky
• Managing Consultant
• Penetration Tester 16+ years
• Spirent Communications
• Banks, Vehicles, ICS, Wireless, Embedded Systems, Satellites, Power Generation
![Page 4: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/4.jpg)
Assumptions
• Currently deployed cloud hosting
• Plan to transition to cloud hosted data center
![Page 5: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/5.jpg)
Advantages
• Overhead Costs
• Pay only for what’s used
• Elastic Capacity
• Agile
• Infrastructure as a Service
![Page 6: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/6.jpg)
Model
• Public
• Private
• Community
• Hybrid
![Page 7: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/7.jpg)
Attack Surface
• External Attacks
• Internal Attacks
![Page 8: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/8.jpg)
Cloud Attack Surface
• External Attacks
• Internal Attacks
• Provider
• Misconfiguration
• Hypervisor Attacks
• Government/National Security Letters
![Page 9: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/9.jpg)
External Attacks
• Front End
• Exposed Interfaces
• Misconfigurations
• Malicious Clients
![Page 10: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/10.jpg)
Internal Attacks
• Malicious Employees
• Disgruntled former Employees
• Incompetence
![Page 11: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/11.jpg)
Provider Attacks
• Hypervisor
• Trust
• Routing
• Certificates
![Page 12: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/12.jpg)
Hypervisor Attacks
• Vulnerability in the virtualization platform
• Known 0 days
• Transparency from Providers
• Auditing
• Code Review
![Page 13: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/13.jpg)
Routing
• DOS/DDOS
• Preferred DNS
• Shunning
• False BGP Route advertising
• Load Balancing
• Content Injection
![Page 14: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/14.jpg)
Certificates
• Certificate Authority
• Forged Certificates
![Page 15: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/15.jpg)
Public Cloud
• Shared Environment
• Malicious Clients
• Profiling
• Crossover Attacks
• Increased Exposure due to Other Services
![Page 16: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/16.jpg)
Private Cloud
• Isolated Environment
• Profiling
![Page 17: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/17.jpg)
Differences
![Page 18: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/18.jpg)
Conventional Attacks
• Exposed Services
• API
• Unauthenticated API Calls
![Page 19: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/19.jpg)
Admin Interface
• Malicious Insiders
• Misconfiguration
• Routing Errors
![Page 20: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/20.jpg)
Internal IPs
• Compromise
• Entrench
• Pivot
• Repeat
![Page 21: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/21.jpg)
Testing
• Upload Malicious Hypervisor
• Back-Doored OS
• Ability to download and examine OS
• Transparency
• Pivot
![Page 22: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/22.jpg)
Migration
• Most vulnerable point
• All data virtualized
• Unsupervised transfer
• Potential for tampering
![Page 23: Penetration testing the cloud - vlad gostom](https://reader031.vdocuments.site/reader031/viewer/2022022203/587199631a28ab044e8b55c7/html5/thumbnails/23.jpg)
Migration Done Right
• Process
• Plan
• Audit
• Verification