Tool Release – Principal Mapper v1.1.0 Update

Principal Mapper, or PMapper, is a tool and library for in-depth analysis with AWS Identity and Access Management, as well as AWS Organizations. PMapper stores data about AWS accounts and organizations, then provides options to query, visualize, and analyze that data. The library, written in Python, enables users to extend PMapper's functionality for other use-cases. … Continue reading Tool Release – Principal Mapper v1.1.0 Update

Tool Release – ScoutSuite 5.10

We’re proud to announce the release of a new version of our open-source, multi-cloud auditing tool ScoutSuite (on Github)! Notable improvements and features include: CoreBreaking change: support for Python 3.5 has been deprecatedMoved unit tests from nose to pytest & improved coverageBug fixes and improved error handlingAWSCreated a ruleset for the AWS CIS Benchmark version 1.2Can … Continue reading Tool Release – ScoutSuite 5.10

Conference Talks – September 2020

This month, NCC Group researchers will be presenting their work at the following conferences: Rami McCarthy, "AWS Security: Easy Wins and Enterprise Scale," to be presented at BSides Boston (Virtual - September 26 2020)Dirk-Jan Mollema, "Walking Your Dog in Multiple Forests: Breaking AD Trust Boundaries through Kerberos Vulnerabilities," to be presented at Black Hat Asia … Continue reading Conference Talks – September 2020

The Extended AWS Security Ramp-Up Guide

On November 25th, AWS released the Ramp-Up Learning Guide for AWS Cloud Security, Governance, and Compliance. The Security Ramp-Up is a curated list of educational AWS resources. The goal is "to teach in-demand cloud skills and real-world knowledge that you can rely on to keep up with cloud security, governance, and compliance developments and grow … Continue reading The Extended AWS Security Ramp-Up Guide

Demystifying AWS’ AssumeRole and sts:ExternalId

Amazon Web Services' AssumeRole operation accepts an optional parameter called "sts:ExternalId" which is intended to mitigate certain types of attacks. However, both the attacks that sts:ExternalId mitigates and how to properly use it are widely misunderstood, resulting in large numbers of vulnerable AWS-based applications. This post aims to describe what std:ExternalId does, when to use … Continue reading Demystifying AWS’ AssumeRole and sts:ExternalId