Attacking Storage Services - The Lynchpin of Cloud Services

Dive into a comprehensive exploration of storage service vulnerabilities in cloud environments during this 40-minute conference talk from the Hack In The Box Security Conference. Learn about the critical role of storage services in cloud infrastructure and discover various attack vectors, including exploiting writable public storages and authenticated user access. Examine real-world case studies, such as the Rocket.chat installer vulnerability and the fwupd CVE-2020-10759. Gain insights into attack methodologies, including enumeration techniques for AWS S3 buckets, identification and exploitation of Azure SAS URLs, and post-exploitation strategies like credential harvesting. Explore specific scenarios, including SSRF to EC2 takeover, PaaS attacks on Elastic Beanstalk, and AWS Cognito analysis. Receive practical advice on implementing periodic scans using Scout Suite and preparing for potential disasters. Conclude with vendor warnings and additional reference materials to further enhance your understanding of cloud storage security.

Intro
Attacking Storage Services: Lynchpin of Cloud Services
Agenda How I am going to bore you for next 30 minutes
Cloud Storage: Why Attack
Writable Public Storages
Authenticated User Access
Rocket.chat Installer
Fwupd CVE-2020-10759
Attack: Enumeration
AWS S3 Buckets Enumeration
Cloud Bucket URL Scraper
AWS Cloud Bucket Search Engine
Google Dork in Action
Attack: Identification and Exploitation
Azure SAS URL'S
Storage Attacks: Azure
Connecting to Azure Storage
Attack: Post Exploitation
Credential Harvesting Hunting for the usemame
Case Study: SSRF to EC2 takeover
Case Study: Paas: Elastic Beanstalk
Case Study: AWS Cognito Analysis
Vendor Warnings
Tenant: Periodic Scan: Scout Suite
Tenant: Prepare for Disaster
Additional Reference Material