YoVDO

The Bucket List - Experiences Operating S3 Honeypots

Offered By: Security BSides San Francisco via YouTube

Tags

Security BSides Courses Cybersecurity Courses Amazon Web Services (AWS) Courses Cloud Security Courses Threat Detection Courses

Course Description

Overview

Explore the world of S3 bucket security in this 30-minute conference talk from BSidesSF 2018. Dive into Cameron Ero's experiences operating S3 honeypots and gain insights into the concerning trend of S3 bucket incidents. Learn about the techniques used by researchers to find public buckets, the tools they employ, and their actions upon discovery. Discover how to monitor access to your S3 assets and implement S3 honeypots within your organization. Gain valuable knowledge on AWS security, bucket enumeration methods, and the severity of potential threats. Understand the effectiveness of honeypot deployment and its value in enhancing your organization's security posture.

Syllabus

Introduction
The problem
AWS
Enumerating Buckets
Word Lists
Microsoft
AWS S3
Bucket List
Who was doing this
Bucket scripting
Bucket targeting
Custom tools
Severity
Sophisticated
Key takeaways
Is this something that was valuable
How easy was it to deploy
What is the value


Taught by

Security BSides San Francisco

Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network