Day Cyberwox
🌩 Cloudy With A Chance of Security

Cloud Security Things To Know

What should you know as a cloud security engineer or for a cloud security interview?

Day Cyberwox
May 23, 2022

Table of contents

  • IAM
  • Encryption
  • Scripting
  • Containerization & Orchestration
  • Compliance
  • APIs
  • Logging
  • Storage
  • Infrastructure as Code
  • Security
  • Secure Storage
  • Networking
  • DevOps
  • Cloud Attacks

A list of things to know as a cloud security engineer or for a cloud security interview (mostly based on AWS). I'll update this page as I learn and discover more.

IAM

  • Roles, Policies, Cross Account Access
  • User Groups
  • Access Permissions
  • SDKs
  • Authentication
    • Identity Providers
    • Users & Identities
    • Identity Federation
  • Service Accounts
  • Service Principals
  • Privileged Access
  • MFA
  • Sessions & Tokens
  • Access Keys

Encryption

  • Server-Side Encryption
  • Client-Side Encryption

Scripting

  • Python
  • Golang

Containerization & Orchestration

  • Docker
  • Kubernetes
    • Managed: Amazon EKS, Azure AKS, Google GKE
    • Unmanaged Kubernetes

Compliance

  • AWS Config, Macie (compliance), and so on.

APIs

  • API Security
  • API Exposure
  • Locking Down API endpoints to People/Users

Logging

  • VPC Flow Logs
  • CloudTrail
  • Centralizing VPC flow logs from multiple accounts into one account
  • Datadog
  • Splunk

Storage

  • Bucket Access
    • Public, Private and Bucket Policies
    • Pre-signed Cookies & URLs

Infrastructure as Code

  • Terraform
  • CloudFormation

Security

  • Security Groups
  • NACLs
  • WAF
  • Jump Servers (Bastion Hosts)

Secure Storage

  • Secrets Manager
  • Parameter Services

Networking

  • Subnetting
  • Public vs Private IPs

DevOps

  • Git
  • GitHub
  • GitLab

Cloud Attacks

Refer to the MITRE ATT&CK Cloud Matrix for more.

  • Initial Access Vectors
    • Compromised Credentials
      • Static Credentials
      • Not rotating credentials
      • Credentials pushed to publicly accessible code (GitHub) repos
      • Credentials found in public storage (S3, GCS Buckets)
  • Persistence
    • Modifying permission groups or roles
    • Modifying password duration policies
    • Creating new credentials for service accounts/service principals
  • Privilege Escalation (Vertical) & Lateral Movement (Horizontal)
    • Service account impersonation (GCP)
    • Default Credentials
    • Token Manipulation
    • Adding a user to a group
    • Attaching a Role Policy/Group Policy to a Group or User
    • Creating Access Keys for more privileged users
