For our July Toronto AWS Users Group Meetup, Andrew Brown (CEO of ExamPro) is BACK, talking about a VERY popular meetup topic: AWS Security. Make sure to RSVP for this meetup quick - it will fill up FAST! See you there!
Advanced AWS Security - Hacking an Account, Securing our Account, and Investigating Suspicious Behaviour
Andrew recently attended AWS security conference re:Inforce and is bringing back with him scenario-based cloud security knowledge from the perspective of both the attacker and defender. This talk will help you quickly put into perceptive how to harden your AWS account and investigate for suspicious behaviour.
From the attacker, let us find a point of entry, look at how to escalate our privileges, leaving zero footprints in CloudTrail, Avoid triggering GuardDuty detection, use cross-roles as a vector of attack and abusing instance profiles.
From the defender, let us lock down permissions using permission boundaries and service control policies. Detect when keys are leaked, continuously patch our baseline servers, use Athena to query CloudTrail investigate strange behaviour, ensure the integrity of our logs from tampering.
Andrew Brown is the CEO of ExamPro, a service which provides training for AWS Certification. He has a specific interest in cloud security. Previously the CTO for multiple startups. He is a fan of retro video games and Star Trek DS9. If you ever want to buy him a drink, he loves premium coconut water.