Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

README.md

Tools and code used during my talk at SANS Cloud Security Summit 2018 in San Diego

Forensics as a Service: IRDF in the Cloud

February 19th, 2018


Presentation in PPTX format

See file Forensics-as-a-Service-Toni-de-la-Fuente-SanDiego-2018.pptx in this repo. You can easier use all links in the References slide. All links are also below in this README.

Some commands used during my Demo

1- ./prowler -c forensics-ready

2- Incident Response aws_ir (Tools Instance):

Demo Video instance compromise

Demo Video key compromise

  • --target i-12345678901234 --user ubuntu --ssh-key ~/key-toplay.pem \
    --plugins gather_host,snapshotdisks_host,tag_host,examineracl_host,get_memory,isolate_host,stop_host```
    
  • volatility -f IP-2017-02-23T02\:15\:48-mem.lime imageinfo
  • volatility -f IP-2017-02-23T02\:15\:48-mem.lime --profile=Ubuntu14043 linux_pslist
  • aws_ir key-compromise --access-key-id AKIAJTEST

4- Hardening template, SecurityMonkey

Demo Video

  • hardening template from here
  • run prowler (ssh to Tools Instance, aws-cli must be configured)
  • cd /opt/aws-cis-security-benchmark
  • ./prowler
  • show securitymonkey

All links and tools mentioned during the talk

About

Materials used and mentioned during my talk at SANS Cloud Security Summit 2018 in San Diego

Resources

License

Releases

No releases published

Packages

No packages published