1. MGClouds首页
  2. 资料
  3. 技术
  4. Red Team

RSAC提出TOP 10 Cloud Attack Killchains

RSAC DisruptOps发表演讲《Break the Top 10 Cloud Attack Killchains》,试图提出流行的云攻击思路和有效的防御方法。
云敏感数据泄露包括:

  1. GitHub/BitBucket
  2. Shared images
  3. Snapshots
  4. Compromised instance -> embedded code
  5. Compromised instance or dev/admin system – >
    – Shell history
    – Config/Credentials file
    – Local code

攻击流程大体为:

  1. Identify Internet exposed resource (instance/ container)
  2. Identify vulnerability on exposed resource
  3. Exploit vulnerability and gain foothold/ persistence
  4. Pivot to rest of virtual network and peered networks
  5. Exploit additional resources, including pivoting into the cloud management plane

资料下载:


隐藏内容需要支付:¥3
立即购买 升级VIP
RSAC提出TOP 10 Cloud Attack Killchains

RSAC提出TOP 10 Cloud Attack Killchains
RSAC提出TOP 10 Cloud Attack Killchains
RSAC提出TOP 10 Cloud Attack Killchains
RSAC提出TOP 10 Cloud Attack Killchains

原创文章,作者:网空博弈论,如若转载,请注明出处:http://wp.wexiaocheng.com/archives/5773

发表评论

电子邮件地址不会被公开。 必填项已用*标注

联系我们

微信:Dustin_82

邮件:Business@mgclouds.com

工作时间:7 x 24

欢迎交流:媒体报道/品牌合作/商务合作