Threat Hunting in the Cloud

Explore threat hunting techniques in cloud environments through this conference talk from NorthSec 2019. Gain insights from security experts Kurtis Armour and Jacob Grant as they delve into cloud service providers, shared responsibility models, and the challenges of applying traditional network security tools to cloud infrastructures. Learn about various attacker motivations, real-world cloud attacks, and enterprise architecture examples for both AWS and general cloud environments. Discover CSP attacker tools and methods for detecting direct attacks against cloud service providers. Examine endpoint considerations, including forensics data collection and PowerShell visibility. Understand how to execute code using Azure and AWS APIs, as well as endpoint execution techniques, to enhance your cloud security posture and threat hunting capabilities.

Intro
What is a cloud service provider?
Shared responsibility model (IaaS)
Cloud service provider adoption aws
Infosec community on cloud services How well do traditional network Security tools work in cloud environments?
What are they after? It depends on the type of attacker
Attacks in the field
Enterprise architecture example
AWS architecture example
CSP Attacker Tools
Catching direct attacks against the CSP
Endpoint considerations
Endpoint visibility - forensics data
Endpoint visibility - PowerShell visibility
Executing code - Azure API | Endpoint execution
Executing code - AWS API | Endpoint execution