Tools and code used during my talk at RootedCON 2017
March 3rd, 2017
## CloudFormation Template

The template used for the demos is based on my existing CFN template to automate the deployment of Security Monkey. For additional steps after deployment, please go to that repo's documentation.

### What does this CFN template do?
- Creates a VPC with a public subnet for two instances and a private subnet for RDS (Pgsql used by SecurityMonkey)
- One instance is dedicated to Security Monkey; the other has tools and sample code on it, such as Prowler and ThreatResponse Tools (see the template for details)
## Presentation in PPTX format

See the file `Automate or die - Rootedcon 2017.pptx` in this repo. You can easily use all the links in the References slide; all of them are also listed below in this README. The presentation also contains hidden slides that I didn't show during my talk.
## Some commands used during my Demo

1- Instance Role - metadata server:

```
aws sts get-session-token --duration-seconds 129600
aws ec2 describe-instances
aws ec2 create-key-pair --key-name admin666 --output text
```
2- Mad-King attack (Tools Instance): Demo Video mad-king
- `aws configure` use valid keys
- `zappa deploy production` and go to output URL
3- Incident Response aws_ir (Tools Instance):
```
aws_ir key-compromise --access-key-id AKIAJTEST
aws_ir instance-compromise --instance-ip IP --user centos --ssh-key ~/key-toplay.pem --repository-url https://threatresponse-lime-modules.s3.amazonaws.com
volatility -f IP-2017-02-23T02\:15\:48-mem.lime imageinfo
volatility -f IP-2017-02-23T02\:15\:48-mem.lime --profile=Ubuntu14043 linux_pslist
```
4- Hardening template, Prowler, SecurityMonkey
- hardening template from here
- run prowler (ssh to Tools Instance, aws-cli must be configured)
- show securitymonkey
5- Cleanup demo!!
- Delete CFN Stacks, SSH keys and Access keys!
## All links and tools mentioned during the talk in order of appearance
- Become an IAM Ninja: https://youtu.be/Du478i9O_mc
- Gone in 60 Milliseconds (33c3): https://www.youtube.com/watch?v=YZ058hmLuv0
- Serverless Security: https://www.rsaconference.com/writable/presentations/file_upload/asd-f01_serverless-security-are-you-ready-for-the-future.pdf