Materials used and mentioned during my talk at SANS Cloud Security Summit 2018 in San Diego
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

Tools and code used during my talk at SANS Cloud Security Summit 2018 in San Diego

Forensics as a Service: IRDF in the Cloud

February 19th, 2018

Presentation in PPTX format

See file Forensics-as-a-Service-Toni-de-la-Fuente-SanDiego-2018.pptx in this repo. You can easier use all links in the References slide. All links are also below in this README.

Some commands used during my Demo

1- ./prowler -c forensics-ready

2- Incident Response aws_ir (Tools Instance):

Demo Video instance compromise

Demo Video key compromise

  • --target i-12345678901234 --user ubuntu --ssh-key ~/key-toplay.pem \
    --plugins gather_host,snapshotdisks_host,tag_host,examineracl_host,get_memory,isolate_host,stop_host```
  • volatility -f IP-2017-02-23T02\:15\:48-mem.lime imageinfo
  • volatility -f IP-2017-02-23T02\:15\:48-mem.lime --profile=Ubuntu14043 linux_pslist
  • aws_ir key-compromise --access-key-id AKIAJTEST

4- Hardening template, SecurityMonkey

Demo Video

  • hardening template from here
  • run prowler (ssh to Tools Instance, aws-cli must be configured)
  • cd /opt/aws-cis-security-benchmark
  • ./prowler
  • show securitymonkey

All links and tools mentioned during the talk