Principal Mapper, or PMapper, is a tool and library for in-depth analysis with AWS Identity and Access Management, as well as AWS Organizations. PMapper stores data about AWS accounts and organizations, then provides options to query, visualize, and analyze that data. The library, written in Python, enables users to extend PMapper's functionality for other use-cases. … Continue reading Tool Release – Principal Mapper v1.1.0 Update
Tag: aws
Tool Release – ScoutSuite 5.10
We’re proud to announce the release of a new version of our open-source, multi-cloud auditing tool ScoutSuite (on Github)! Notable improvements and features include: CoreBreaking change: support for Python 3.5 has been deprecatedMoved unit tests from nose to pytest & improved coverageBug fixes and improved error handlingAWSCreated a ruleset for the AWS CIS Benchmark version 1.2Can … Continue reading Tool Release – ScoutSuite 5.10
Conference Talks – September 2020
This month, NCC Group researchers will be presenting their work at the following conferences: Rami McCarthy, "AWS Security: Easy Wins and Enterprise Scale," to be presented at BSides Boston (Virtual - September 26 2020)Dirk-Jan Mollema, "Walking Your Dog in Multiple Forests: Breaking AD Trust Boundaries through Kerberos Vulnerabilities," to be presented at Black Hat Asia … Continue reading Conference Talks – September 2020
Tool Release – ScoutSuite 5.9.0
We're proud to announce the release of a new version of our open-source, multi-cloud auditing tool ScoutSuite (on Github)! Since the release of 5.8.0 back in late March, we've had over 300 commits from 8 different contributors, and closed 30 PRs. Notable improvements and features include: AWS Added 4 new ELB and ELBv2 findingsAdded support … Continue reading Tool Release – ScoutSuite 5.9.0
The Extended AWS Security Ramp-Up Guide
On November 25th, AWS released the Ramp-Up Learning Guide for AWS Cloud Security, Governance, and Compliance. The Security Ramp-Up is a curated list of educational AWS resources. The goal is "to teach in-demand cloud skills and real-world knowledge that you can rely on to keep up with cloud security, governance, and compliance developments and grow … Continue reading The Extended AWS Security Ramp-Up Guide
Demystifying AWS’ AssumeRole and sts:ExternalId
Amazon Web Services' AssumeRole operation accepts an optional parameter called "sts:ExternalId" which is intended to mitigate certain types of attacks. However, both the attacks that sts:ExternalId mitigates and how to properly use it are widely misunderstood, resulting in large numbers of vulnerable AWS-based applications. This post aims to describe what std:ExternalId does, when to use … Continue reading Demystifying AWS’ AssumeRole and sts:ExternalId
IAM user management strategy
This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. IAM user management strategy 24 Feb 2015 - Loïc Simon Use IAM groups When granting privileges to IAM users, AWS account administrators should avoid use of user-specific policies. Instead, create groups whose name explicitly … Continue reading IAM user management strategy
Do not use your AWS root account
This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Do not use your AWS root account 23 Feb 2015 - Loïc Simon What is the AWS root account? The AWS root account is the account that was used — or created — when … Continue reading Do not use your AWS root account
Announcing the AWS blog post series
This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Announcing the AWS blog post series 22 Feb 2015 - Loïc Simon Starting this month, iSEC Partners will start a series of blog posts related to AWS. The goal of these blog posts will … Continue reading Announcing the AWS blog post series