Use OSINT to Keep Up with AWS presented at OWASPNewZealandDay 2020

by Oliver (olly) Ewert,

Summary : How do you control access to a deluge of new AWS features and services? Which Actions are just usability tweaks, which will let you publish a database snapshot to the world? Whitelist and “slow innovation” or blacklist and “hope nothing bad happens”? The missing tool for keeping up!With re:invent just before Christmas and a tonne of new features and services, how are security teams meant to keep up with a deluge of new things to control access to? Is this extra Action just an extension of an existing feature, or will it inadvertently give developers the ability to publish a database snapshot to the world? In lieu of AWS actually publishing useful information needed to make access control decisions for new features and services in one central place, we built a tool that leverages Open-Source data sources published by AWS to collate relevant information into a consumable format. This talk will cover a little about how we find and consume OSINT from AWS to programatically learn about new features and services, how we turn that into usable intelligence and finally how you can use the output to help secure your AWS environment.