Automated Defence using Cloud Services for AWS, Azure & GCP

Scenarios

Some of the real-world scenarios we will be covering during the workshop includes

• SSH Brute-force detection & defence
• Content Management System Audit analysis (Azure)
• AWS IAM CloudTrail logs to detect and defend against backdoors (AWS)
• Container logs to defend Kubernetes security attacks(GCP)

High Level Overview

• Environment setup using automated playbook
• Cloud providers accounts configuration
• Setting up hardened Elastic Stack using Ansible playbooks and Terraform
• Configuring cloud infrastructure to send logs to centralized monitoring system
• Attack patterns analysis and detection
• Building attack monitoring dashboards
• Setting up near real-time alerts (slack, email, etc.)
• SSH brute-force attack against infrastructure
• Building security dashboards for analysis
• Detecting the attack and applying real-time defence
• CMS application service attack simulation
• Attack audit analysis using security dashboards
• Deploying the automated defence
• Setting up monitoring system AWS CloudWatch and AWS CloudTrail logs
• Abusing metadata and gaining access to compromised AWS IAM keys for users and roles
• Identifying compromised IAM keys usage using AWS CloudTrail logs
• Defending against IAM compromised keys using Serverless (AWS Lambda)
• Setting up automated Kubernetes infrastructure with services
• Monitoring Kubernetes security events for attacks
• Attacking containerized applications in Kubernetes
• Near real-time automated defence against Docker container security attacks

ATTENDEE REQUIREMENTS

• Most of the workshop will be covered using demonstrations and discussions around the scenarios
• Laptop with browser and wireless connectivity would be useful
• Keep a hotspot handy for internet access (if required)