This is the story of how you print free money using other people's AWS accounts. It’s a story that involves an AWS account, a threat actor named GUI-Vil, and unauthorized crypto mining (cryptojacking). This story is real, and it happens more often than you might think. But how does this actually work, and just as importantly, how can we protect our environments from it with AWS security best practices?
This video was inspired and based on Permiso's research (linked below), but it is not a sponsored video. Enjoy!
💬 Chat with me
Discord: cybr.com/discord
Website: cybr.com
LinkedIn: / christophelimpalair
Twitter: / christophelimp
🔗 Links mentioned in the video:
- Permiso original case study 1: permiso.io/blog/s/unmasking-g...
- Permiso original case study 2: permiso.io/blog/s/anatomy-of-...
- Diagram used/shown in the video: app.eraser.io/workspace/2F0ww...
- Intro to AWS Pentesting: • intro to AWS PENTESTIN...
- Detecting & Terminating Malware in Real-Time (XMRIG): cybr.com/incident-response-ar...
🎓 Courses
- Introduction to AWS Security: cybr.com/courses/introduction...
🚨 Disclaimer
This video is strictly for educational purposes and to teach you how you can detect and mitigate this threat from your or your employer's AWS enviroments. Learning about real threats, ethical hacking, and penetration testing is an important way of protecting ourselves against threat actors.
⏱ Timestamps:
00:00 - 00:27 - Preface
00:28 - 01:09 - Introduction
01:10 - 01:19 - Credit for the case study
01:20 - 01:30 - About the threat actor
01:31 - 02:05 - The stages of a cloud attack
02:06 - 04:25 - Gaining initial access
04:26 - 05:31 - Reconnaissance
05:32 - 07:24 - Persistence & maintaining presence
07:25 - 08:43 - Launching crypto mining resources
08:44 - 10:28 - Evading detection
10:29 - 11:40 - Defending against this attack
11:41 - 12:07 - Outro
#awssecurity #cloudsecurity #cloudpentesting #pentesting #securityassessment #cybersecurity #aws #cryptomining #threatmitigation #threatassessment
Негізгі бет How crypto miners hijack AWS accounts (real case study)
Пікірлер: 15