Materials used and mentioned during my talk at SANS Cloud Security Summit 2018 in San Diego
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
Forensics-as-a-Service-Toni-de-la-Fuente-SanDiego-2018.pptx
LICENSE
README.md

README.md

Tools and code used during my talk at SANS Cloud Security Summit 2018 in San Diego

Forensics as a Service: IRDF in the Cloud

February 19th, 2018


Presentation in PPTX format

See file Forensics-as-a-Service-Toni-de-la-Fuente-SanDiego-2018.pptx in this repo. You can easier use all links in the References slide. All links are also below in this README.

Some commands used during my Demo

1- ./prowler -c forensics-ready

2- Incident Response aws_ir (Tools Instance):

Demo Video instance compromise

Demo Video key compromise

  • --target i-12345678901234 --user ubuntu --ssh-key ~/key-toplay.pem \
    --plugins gather_host,snapshotdisks_host,tag_host,examineracl_host,get_memory,isolate_host,stop_host```
    
  • volatility -f IP-2017-02-23T02\:15\:48-mem.lime imageinfo
  • volatility -f IP-2017-02-23T02\:15\:48-mem.lime --profile=Ubuntu14043 linux_pslist
  • aws_ir key-compromise --access-key-id AKIAJTEST

4- Hardening template, SecurityMonkey

Demo Video

  • hardening template from here
  • run prowler (ssh to Tools Instance, aws-cli must be configured)
  • cd /opt/aws-cis-security-benchmark
  • ./prowler
  • show securitymonkey

All links and tools mentioned during the talk