WWHF | Why the Basics are Hard — AWS Cloud Security Fundamentals | Andrew Krug

Recorded 2021-04-21
0:00:00 - PreShow Banter™ — Saddled With a Shoe Store
0:05:33 - LINK: PreShow Banter™ — Con-A-Thon Registration -
0:06:04 - FEATURE PRESENTATION: Why the Basics are Hard - AWS Cloud Security Fundamentals
0:06:51 - About Andrew Krug
0:08:15 - Agenda
0:10:29 - AWS Cloud Problems to Solve
0:11:31 - Heroes of AWS Cloud
0:13:17 - Taking the First Step
0:14:16 - What are Fundamentals anyway?
0:16:01 - Defining Greatness for Cloud Security
0:17:32 - Famous Data Breaches
0:23:45 - Common Themes Amongst Famous Data Breaches
0:26:49 - Stages of InfoSec Grief
0:28:56 - Palo Alto State of Cloud Native Security Report
0:29:55 - Training and Tools
0:30:21 - Well Architected Framework
0:31:30 - IAM
0:37:30 - Cool Conditions
0:41:03 - AWS Permissions Boundaries
0:43:21 - AWS Organizations
0:46:46 - Guardrail #1 - Stop Users from Stopping Monitoring
0:47:22 - Guardrail #2 - Restrict Regions
0:47:49 - Guardrail #3 - Restrict Instance Sizing
0:48:16 - Least Privilege
0:51:43 - Breaches Prevented?
0:53:31 - Favorite Auditing Tools - Cloudmapper
0:58:02 - Detection and Response
0:59:59 - Wrap-up
1:00:59 - QnA

Andrew’s Securing The Cloud Class:

PreShow Banter™ — Con-A-Thon Registration -

**All YouTube ad revenue donated to the Innocent Lives Foundation**

Comments

I have been building cloud security for a startup and I didn't know too much about the cloud when I joined. The issues you bring up are so relatable. The WAF used to allow requests with over 8 KB of body to bypass all checks by default. You have to do detailed research about every component, and a lot of sites give bad or mediocre advice. There are a million ways for privilege escalation to occur. Some resources have global ARNs and the names can be hijacked by bad actors during deployment. How do you even give cloud access to your CI/CD pipeline securely? Tag-based policies are a nightmare. Very stressful, there are so many problems to solve.

brodude