Chapter 2 - 07 - Understand IoT, OT, and Cloud Attacks - 05_ocred.pdf
Document Details
Uploaded by barrejamesteacher
null
EC-Gouncil
Tags
Related
- Chapter 2 - 07 - Understand IoT, OT, and Cloud Attacks - 01_ocred.pdf
- Certified Cybersecurity Technician Exam 212-82 PDF
- Chapter 2 - 07 - Understand IoT, OT, and Cloud Attacks - 04_ocred.pdf
- Chapter 2 - 07 - Understand IoT, OT, and Cloud Attacks - 01_ocred_fax_ocred.pdf
- Chapter 2 - 07 - Understand IoT, OT, and Cloud Attacks - 03_ocred_fax_ocred.pdf
- Chapter 2 - 07 - Understand IoT, OT, and Cloud Attacks - 05_ocred_fax_ocred.pdf
Full Transcript
Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Supply Chain Attacks =) QO If an attacker is able to gain access to one of the links, the attacker can infect different parts of the supply chain without leaving any trace “_ O Adisruption in the chain may therefore lead to...
Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Supply Chain Attacks =) QO If an attacker is able to gain access to one of the links, the attacker can infect different parts of the supply chain without leaving any trace “_ O Adisruption in the chain may therefore lead to a loss of data privacy and integrity, as well as services unavailability, a violation of the SLA, and economic and reputational losses, which in turn results in the failure to meet customer demand and cascading Supply Chain Attacks A supply chain failure can be caused by incomplete and non-transparent terms of use, hidden dependencies created by cross-cloud applications, inappropriate CSP selection, lack of supplier redundancy, etc. Cloud providers outsource certain tasks to third parties. Thus, the security of the cloud is directly proportional to the security of each link and the extent of dependency on third parties. A disruption in the chain may lead to loss of data privacy and integrity, services unavailability, violation of the SLA, economic and reputational losses failing to meet customer demand, and cascading failure. Many organizations using cloud services trust third-party links for executing or fulfilling certain tasks. If an attacker is able to gain access to one of the links, the attacker can infect different parts of the supply chain without being traced. One attack on a specific link can compromise the security of the entire supply chain. The following are some defensive measures against supply-chain attacks: = Define a set of controls and policies to mitigate supply-chain risks. = Limit the supply chain to a small base. = Develop a containment plan to restrict the damage caused by the failure of a trusted counterparty. = Create visibility mechanisms to detect compromised elements of a supply chain. * Consider procuring third parties that offer information on the security posture of counterparties. Module 02 Page 382 Certified Cybersecurity Technician Copyright © by EC-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Exploiting Misconfigured AWS S3 Buckets Step 1: Identify S3 buckets Step 4: Configure aws-cli Attackers use tools such as S3Scanner, lazys3, Bucket Finder, and Go to the terminal and run the command Step 2: Setup AWS command-line interface Step 5: Identify vulnerable S3 buckets Install aws-c1i tocheck the version and create an account Run the command aws s3 1s s3://[bucket_name] Step 3: Extract access keys Step 6: Exploit S3 buckets @ Run the following commands to manipulate the files stored in the S3 buckets: s3-buckets-bruteforcer to find URLs of AWS S3 buckets Signinandgoto https://console.aws.amazon.com/iam/ aws configure € Select Users > Add User aws s3 mv FileName s3://[bucket @ Fillin the necessary details and click on the “Create User” button © Download the CSV file and extract your access keys aws s3 cp FileName s3://[bucket_name]/testfile.svg --no-sign-request aws s3 rm s3://[bucket_name)/test-file.svg -- file.txt --no-sign-request name]/test- no-sign-request L All Rights Reserved. Reproduction Is Strictly Prohibited Exploiting Misconfigured AWS S3 Buckets Follow the steps discussed below to exploit misconfigured AWS S3 buckets. = Step 1: Identify S3 buckets Attackers use tools, such as S3Scanner, lazys3, Bucket Finder, and s3-buckets- bruteforcer, to find the target AWS S3 buckets. Using these tools, attackers can gather the URLs of the identified buckets. For example, the URL of the identified S3 bucket is: http://[bucket = name].s3.amazonaws.com/ Step 2: Setup AWS command-line interface Install aws-c1i to check the AWS version and create an account. = = Step 3: Extract access keys o After creating an account, sign in, and go to o Select Users > Add User. o Fillin the necessary details and click on the “Create User” button. o Now, download the CSV file and extract your access keys. https://console.aws.amazon.com/iam/ Step 4: Configure aws-cli Go to the terminal and run the following command to configure aws-cli: aws configure Module 02 Page 383 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks = Exam 212-82 Step 5: Identify vulnerable S3 buckets Run the following command to identify exploitable S3 buckets: = aws s3 1ls s3://[bucket name] aws s3 1ls s3://[bucket name] --no-sign-request Step 6: Exploit S3 buckets Run the following commands to manipulate the files stored in S3 buckets: Reading Files > aws s3 1s s3://[bucket name] --no-sign-request Moving Files 2 aws s3 mv FileName s3://[bucket name]/test-file.txt Copying Files > aws s3 cp FileName s3://[bucket name]/test-file.svg Deleting Files > aws s3 rm s3://[bucket - -no-sign-request -no-sign-request name]/test-file.svg - --no-sign- request Figure 2.78: Screenshot of aws-cli Module 02 Page 384 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited.