
Getting Started with Cloud Red Team

Getting Started with Hybrid Multi-Cloud Red Teaming
© CW Labs UK Pvt. Ltd.
Introduction to Hybrid Multi-Cloud Red Teaming :
● Hybrid Multi Cloud Environment Overview
● AWS Cloud Overview
● Google Cloud Overview
● Azure Cloud Overview
● CTF Exercise
Module - 1 : Hybrid Multi Cloud Environment Overview
Network Architecture of On-Premise Environment
[Figure: on-premise network. Internal Network (AD Environment: Domain Controller, DNS server, Workstation, Printer), DMZ Zone (Web server, Mail server) and External Network (Internet), separated by two Firewalls.]
Network Architecture of Active Directory Forest
[Figure: AD Internal Network (Forest). Tree 1: Domain 1 abc.com (DC1, DC2) with Child Domain 1 accounts.abc.com (DC 3) and Child Domain 2 sales.abc.com (DC 4). Tree 2: Domain 2 xyz.com with Child Domain 1 hr.xyz.com (DC 5). A Cross Forest Trust relationship is also drawn.]
AWS Multi Accounts Architecture
[Figure: an AWS Organization with one AWS Master Account (the management account) and several AWS Child Accounts (AWS Child Account 1, AWS Child Account 2, ...).]
Azure Cloud Working Model
[Figure: Azure AD (IDaaS) is the authentication point for both Azure Resource Manager (ARM) (IaaS, PaaS, SaaS) and O365 / M365 (SaaS).]
Azure Cloud Hierarchy
AAD Tenant > Management Group > Subscription > Resource Group > Resource
Google Cloud Working Model
[Figure: Cloud Identity (IDaaS) is the authentication point for both Google Cloud (IaaS, PaaS, SaaS) and Google Workspace (SaaS, IDaaS).]
GCP Cloud Hierarchy
Organization (Company) > Folders > Projects > Resources
[Figure: example tree. Folders (Dept X, Shared Infrastructure, Dept Y, Team A, Team B, Product 1, Product 2) contain Projects (Dev GCP Project, Test GCP Project, Production GCP Project), which contain Resources (Compute Engine Instances, App Engine Services, Cloud Storage Buckets).]
Network Connectivity between Cloud & On-Premise
[Figure: Cloud to Cloud Connectivity between AWS, GCP and Azure; On-Premise to Cloud & Cloud to On-Premise Network Connectivity between the On-Premise Environment (Active Directory, User/Employee) and the three clouds.]
Identity Federation from On-Premise to Cloud
[Figure: SAML federation flow]
1. DCSync with External IdP: Active Directory (On-Premise, Internal IdP) is replicated to the External IdP [Source IdP] (OKTA | OneLogin | AAD).
2. User Authentication: the User signs in to the External IdP with SSO credentials.
3. IdP SAML Response (Authentication): the External IdP posts a SAML response to the cloud console the user is heading for: AWS (console.aws.amazon.com), Azure (portal.azure.com) or GCP (console.cloud.google.com).
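Step 3 above is what the cloud side actually acts on, so it is worth seeing what travels in that SAML response. The Python below is an added example (not code from the CW Labs deck or from any IdP vendor): it base64-decodes a SAMLResponse form value as an IdP would post it to AWS and pulls out the fields AWS consumes, using the real AWS attribute names (https://aws.amazon.com/SAML/Attributes/Role and .../RoleSessionName) and the real AWS audience value urn:amazon:webservices. The response itself, the issuer, account IDs and role names are constructed. The sample is unsigned; a real response is XML-signed by the IdP, and AWS rejects one whose signature does not verify against the registered SAML provider. This parser only inspects, it does not verify.

```python
"""Decode the SAMLResponse an external IdP posts to AWS and extract what AWS acts on.

Added example, not code from the CW Labs slides or from any IdP vendor. The response
below is constructed and unsigned; this parser does NOT verify signatures and must not be
used to trust a response, only to inspect one (e.g. a captured login POST).
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
DSIG_SIGNATURE = "{http://www.w3.org/2000/09/xmldsig#}Signature"
AWS_AUDIENCE = "urn:amazon:webservices"          # audience AWS requires in the assertion
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_NAME_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"

# Constructed sample (fake issuer, account IDs, role names), as the IdP builds it before
# base64-encoding it into the SAMLResponse form field of the POST to the AWS sign-in URL.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z" Destination="https://signin.aws.amazon.com/saml">
  <saml:Issuer>https://idp.corp.example/saml</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.corp.example/saml</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">alice@corp.example</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>urn:amazon:webservices</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
        <saml:AttributeValue>arn:aws:iam::111111111111:role/ReadOnly,arn:aws:iam::111111111111:saml-provider/CorpIdP</saml:AttributeValue>
        <saml:AttributeValue>arn:aws:iam::222222222222:role/Admin,arn:aws:iam::222222222222:saml-provider/CorpIdP</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
        <saml:AttributeValue>alice@corp.example</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# What the browser actually sends: the XML, base64-encoded, in the SAMLResponse field.
SAMPLE_POST_FIELD = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


def parse_aws_saml_response(saml_response_b64):
    """Return the fields AWS consumes from a base64 SAMLResponse form value."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    status = root.find("samlp:Status/samlp:StatusCode", NS).get("Value")
    assertion = root.find("saml:Assertion", NS)
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    # Each Role value is the pair "<role-arn>,<saml-provider-arn>"; role ARN usually first,
    # but be tolerant of the reverse order.
    roles = []
    for value in attrs.get(ROLE_ATTR, []):
        first, second = [p.strip() for p in value.split(",", 1)]
        role_arn, provider_arn = (first, second) if ":role/" in first else (second, first)
        roles.append({"role_arn": role_arn, "provider_arn": provider_arn})
    audience = assertion.findtext(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
    signed = (root.find(DSIG_SIGNATURE) is not None
              or assertion.find(DSIG_SIGNATURE) is not None)
    return {
        "success": status.endswith(":Success"),
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "name_id": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "audience": audience,
        "audience_ok": audience == AWS_AUDIENCE,
        "not_on_or_after": assertion.find("saml:Conditions", NS).get("NotOnOrAfter"),
        "roles": roles,                      # every role the user may pick at sign-in
        "session_name": (attrs.get(SESSION_NAME_ATTR) or [None])[0],
        "signed": signed,                    # False here: the sample carries no XML signature
    }


if __name__ == "__main__":
    for key, value in parse_aws_saml_response(SAMPLE_POST_FIELD).items():
        print(f"{key}: {value}")
```

With more than one Role value, the AWS sign-in page shows the user a role chooser; whichever role is picked is then entered with sts:AssumeRoleWithSAML, which is the step that turns the SAML assertion into the short-term keys shown later in the deck. For a red teamer, the Role attribute list is therefore the quickest inventory of which accounts and roles a federated identity can reach.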
Hybrid Multi Cloud Environment Access
[Figure: access paths that start from one On-Premise AD User [Email / Password]]
• Identity Sync to an AWS SSO User in the Primary AWS account, then Assume Role (ARN) into the other AWS Accounts (cross-account access).
• Identity Sync to an Azure AD User in the Primary Azure Tenant, then access to the Azure Subscriptions (Cross Subscription Access).
• Identity Sync to a Workspace or Cloud Identity user in the GCP Organization, then access to the GCP Projects (Cross Project Access).
Credentials in Hybrid Multi Cloud Environment
• Long Term Credential
  - Graphical User Interface (GUI): Username & Password
  - Programmatic Interface (CLI/ SDK): Access Key, Service Principal, Service Account
• Short Term Credential
  - Programmatic Interface (CLI/ SDK): Access Token
Module - 2 : AWS Cloud Overview
AWS Cloud Architecture
[Figure: the End User reaches the Cloud Space (AWS Services: Compute, Storage) either through the Web Client / AWS Web Portal (GUI) or through the AWS CLI and SDK/API; the services expose a Control Plane and a Data Plane.]
Credentials by entry point:
• Web Client (GUI): IAM Username & Password; SSO Username & Password
• AWS CLI / SDK/API: Long Term Key : Access Key ID & Secret; Short Term Key : Access Key ID & Secret & Token
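The long-term versus short-term split above (and on the Credentials slide in Module 1) is the first thing to settle when AWS keys turn up during an engagement, because it decides how long the access lasts. The Python below is an added example, not code from the CW Labs deck: it triages a shared-credentials file using two documented AWS facts, that IAM user access key IDs start with "AKIA" and never expire on their own, and that STS temporary key IDs start with "ASIA" and only sign requests together with their aws_session_token. The file content and every key in it are constructed and fake.

```python
"""Triage AWS credentials from a shared-credentials file into long-term and short-term.

Added example, not from the CW Labs slides. Rules applied (documented AWS behaviour):
  AKIA... = IAM user access key, long-term, valid until rotated or deleted;
  ASIA... = STS temporary access key, short-term, unusable without its session token.
The file content below is constructed and every value in it is fake.
"""
import configparser
from dataclasses import dataclass

# Constructed ~/.aws/credentials content. Fake values only.
SAMPLE_CREDENTIALS_FILE = """\
[default]
aws_access_key_id = AKIAI44QH8DHBEXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[assumed-role]
aws_access_key_id = ASIAJEXAMPLEXEG2JICEA
aws_secret_access_key = 9drTJvcXLB89EXAMPLELB8923FB892xMFI
aws_session_token = AQoXdzELDDY//////////wEaoAK1wvxJY12r2IrDFT2IvAzTCn3z7example

[token-missing]
aws_access_key_id = ASIAEXAMPLE0000000003
aws_secret_access_key = 9drTJvcXLB89EXAMPLELB8923FB892xMFI
"""


@dataclass
class CredentialFinding:
    profile: str
    access_key_id: str
    kind: str      # "long-term", "short-term", "unusable" or "unknown"
    note: str


def classify(access_key_id, has_session_token):
    """Classify one access key ID by its documented prefix and the presence of a token."""
    prefix = access_key_id[:4]
    if prefix == "AKIA":
        return "long-term", "IAM user key: no expiry, valid until rotated or deleted"
    if prefix == "ASIA":
        if has_session_token:
            # AssumeRole sessions default to 1 hour; the token carries the expiry.
            return "short-term", "STS key: dies with its session, re-issue via STS"
        return "unusable", "STS key without aws_session_token cannot sign requests"
    return "unknown", f"unrecognised key prefix {prefix!r}"


def triage_credentials_file(text):
    """Return one finding per profile that carries an access key."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    findings = []
    for profile in parser.sections():
        section = parser[profile]
        key_id = section.get("aws_access_key_id")
        if not key_id:
            continue
        kind, note = classify(key_id, bool(section.get("aws_session_token")))
        findings.append(CredentialFinding(profile, key_id, kind, note))
    return findings


def long_term_first(findings):
    """Order for follow-up: keys that never expire are the most valuable loot."""
    rank = {"long-term": 0, "short-term": 1, "unusable": 2, "unknown": 3}
    return sorted(findings, key=lambda f: rank[f.kind])


if __name__ == "__main__":
    for f in long_term_first(triage_credentials_file(SAMPLE_CREDENTIALS_FILE)):
        print(f"{f.profile:15} {f.access_key_id:22} {f.kind:10} {f.note}")
```

The same distinction carries over to the other clouds on the Credentials slide: an Azure service principal secret and a GCP service account key are long-term material in the same sense as an AKIA key, while an Azure or GCP access token is the short-term counterpart of the ASIA key plus session token.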
Identity and Access Management
IAM :
• AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely.
• IAM allows you to create and manage AWS users and groups, and to use permissions to allow and deny their access to AWS resources.
AWS IAM allows you to:
1. Manage IAM users, groups and their access.
2. Manage IAM roles and their permissions.
3. Manage federated users and their permissions.
IAM
[Figure: IAM model. Policies are attached to Users, Groups and Roles; Roles are attached to AWS Services. A Policy contains permissions, each made of an Effect, Actions and Resources.]
Policy Data :
1. Effect - Allow or Deny access.
2. Action - A list of the API actions (for example Get, Put, Delete) that the policy allows or denies.
3. Resource - A list of the resources (ARNs) to which the actions apply.
When policies are evaluated, anything not explicitly allowed is denied, and an explicit Deny always wins over an Allow.
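The Effect / Action / Resource triple is easiest to understand by running requests through it. The Python below is an added example, not code from the CW Labs deck and not AWS's evaluation engine: it implements the documented core for identity-based policies (implicit deny by default, a matching Allow grants, a matching explicit Deny overrides every Allow) with the "*" and "?" wildcards that IAM accepts in Action and Resource. Condition blocks, NotAction/NotResource, resource policies, SCPs and permission boundaries are deliberately left out. The policies, bucket and account ID are constructed; the action names are real IAM actions.

```python
"""Evaluate an IAM-style policy set for one (action, resource) request.

Added example, not from the CW Labs slides and not AWS's own engine. Models only:
default ImplicitDeny, Allow on match, ExplicitDeny on match (always wins), and
'*' / '?' wildcards in Action and Resource. Conditions, NotAction, NotResource,
resource policies, SCPs and permission boundaries are out of scope.
"""
import fnmatch

# Constructed identity-based policies, as they would be attached to a user, group or role.
SAMPLE_POLICIES = [
    {   # managed policy attached to the "backup-readers" group
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:ListBucket"],
             "Resource": ["arn:aws:s3:::corp-backups", "arn:aws:s3:::corp-backups/*"]},
            {"Effect": "Deny",
             "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::corp-backups/secrets/*"},
        ],
    },
    {   # inline policy on the user: a single statement object, over-broad
        "Version": "2012-10-17",
        "Statement": {"Effect": "Allow", "Action": "iam:*AccessKey*", "Resource": "*"},
    },
]

# Actions a red teamer probes for first because each one can mint new credentials
# or widen permissions (all real IAM/STS action names).
PROBE_ACTIONS = [
    "iam:CreateAccessKey", "iam:UpdateLoginProfile", "iam:AttachUserPolicy",
    "iam:PutUserPolicy", "sts:AssumeRole",
]


def _statements(policy):
    """IAM allows Statement to be one object or a list; normalise to a list."""
    stmts = policy["Statement"]
    return [stmts] if isinstance(stmts, dict) else list(stmts)


def _values(value):
    """Action and Resource may each be a string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)


def _match(pattern, value, case_insensitive):
    # IAM wildcards: '*' matches any run of characters (including '/'), '?' one character.
    # Action names compare case-insensitively; resource ARNs do not.
    if case_insensitive:
        pattern, value = pattern.lower(), value.lower()
    return fnmatch.fnmatchcase(value, pattern)


def statement_matches(stmt, action, resource):
    """True when both the Action and the Resource element cover the request."""
    return (any(_match(p, action, True) for p in _values(stmt["Action"]))
            and any(_match(p, resource, False) for p in _values(stmt["Resource"])))


def evaluate(policies, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"                      # nothing matched yet
    for policy in policies:
        for stmt in _statements(policy):
            if not statement_matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"              # final: no Allow can undo it
            decision = "Allow"
    return decision


def allowed_from(policies, candidate_actions, resource):
    """Subset of candidate_actions the policies allow on resource."""
    return [a for a in candidate_actions if evaluate(policies, a, resource) == "Allow"]


if __name__ == "__main__":
    me = "arn:aws:iam::111111111111:user/bob"
    print(evaluate(SAMPLE_POLICIES, "s3:GetObject", "arn:aws:s3:::corp-backups/db/dump.sql"))
    print(evaluate(SAMPLE_POLICIES, "s3:GetObject", "arn:aws:s3:::corp-backups/secrets/key.pem"))
    print("escalation-relevant actions held:", allowed_from(SAMPLE_POLICIES, PROBE_ACTIONS, me))
```

The second sample policy is the kind of thing to look for once a foothold identity is known: "iam:*AccessKey*" on every resource lets that identity create a fresh long-term key for any user in the account, which is a far quieter path than reusing stolen credentials.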
Module - 3 : Google Cloud Overview
[Figure: Google Cloud working model, repeated from Module 1. Cloud Identity (IDaaS) is the authentication point for both Google Cloud Platform (IaaS, PaaS, SaaS) and Google Workspace (SaaS, IDaaS).]
[Figure: GCP Cloud Hierarchy, repeated from Module 1. Organization (Company) > Folders (Dept X, Shared Infrastructure, Dept Y, Team A, Team B, Product 1, Product 2) > Projects (Dev GCP Project, Test GCP Project, Production GCP Project) > Resources (Compute Engine Instances, App Engine Services, Cloud Storage Buckets).]
GCP Cloud IAM
[Figure: an IAM Policy is applied on a Resource at any level of the hierarchy (Organization > Folder > Project > Resource) and its permissions are inherited by everything below. A Role is a set of permissions (Set Of Permission 1 = Role 1, Set Of Permission 2 = Role 2); a Role Binding ties a Member to a Role (Member 1 -> Role 1, Member 2 -> Role 2); the Policy on a resource is its collection of Role Bindings. Example drawn: IAM Role Binding - Organization Level.]
Module - 4 : Azure Cloud Overview
[Figure: Azure cloud working model, repeated from Module 1. Azure AD (IDaaS) is the authentication point for both Azure Resource Manager (ARM) (IaaS, PaaS, SaaS) and O365 / M365 (Office 365) (SaaS).]
Azure Cloud Hierarchy
Enterprise Global Azure Account > AAD Tenant > Management Group > Subscription > Resource Group > Resource
Role Based Access Control (RBAC)
• Azure RBAC is an authorization system built on Azure Resource Manager (ARM) that provides fine-grained access management of Azure resources.
• Role Based Access Control [RBAC] components: a Role Assignment consists of
  ■ Security principal
  ■ Scope
  ■ Role Definition
[Figure: Role Assignment Hierarchy. Permissions inherit from top to bottom: Azure tenant > Management Group > Subscription > Resource Group > Resource. The identity (Security Principal) is a User, Group, Service Principal or Managed Identity; the Role Definition carries the [Permissions]. Example drawn: Role Assignment on Subscription Level.]
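The inheritance rule drawn here is the same one the GCP Cloud IAM slide in Module 3 draws for Organization > Folder > Project > Resource: an assignment made at a scope applies to every scope beneath it, so the effective roles of a principal on a leaf resource are the union of what was assigned along the path from the root. The Python below is an added example covering both slides; it is not code from the CW Labs deck and not either vendor's authorization engine. It stores an assignment as the (principal, role, scope) triple that Azure calls a role assignment and GCP calls a role binding, and is allow-only: GCP deny policies, Azure deny assignments and Azure NotActions are not modelled. The scope tree, role definitions, principals and assignments are all constructed.

```python
"""Effective roles under scope inheritance, as in Azure RBAC and GCP IAM.

Added example, not from the CW Labs slides and not either vendor's engine. An
assignment (principal, role, scope) applies to `scope` and every scope beneath it.
Allow-only: deny policies / deny assignments / NotActions are out of scope.
Scopes are slash-separated paths; everything below is constructed.
"""
import fnmatch
from dataclasses import dataclass


@dataclass(frozen=True)
class Assignment:
    principal: str
    role: str
    scope: str        # path of the node the assignment was made on


# Constructed role definitions: role -> permission patterns ('*' wildcard allowed).
ROLE_DEFINITIONS = {
    "viewer":        {"*.get", "*.list"},
    "storage.admin": {"storage.*"},
    "compute.admin": {"compute.*"},
}

# Constructed tree with GCP-style names (org > folder > project > resource); the same
# code models Azure's management group > subscription > resource group > resource.
ASSIGNMENTS = [
    Assignment("alice@corp.example", "viewer", "org"),
    Assignment("group:platform@corp.example", "compute.admin", "org/dept-x"),
    Assignment("sa:ci@dev.iam", "storage.admin", "org/dept-x/team-a/dev"),
    Assignment("bob@corp.example", "storage.admin", "org/dept-y/prod/bucket-pii"),
]


def ancestors_and_self(scope):
    """'org/a/b' -> ['org', 'org/a', 'org/a/b']: the scopes whose assignments apply."""
    parts = scope.split("/")
    return ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]


def effective_assignments(assignments, principal, scope):
    """Assignments of `principal` made at `scope` or any ancestor of it."""
    chain = set(ancestors_and_self(scope))
    return [a for a in assignments if a.principal == principal and a.scope in chain]


def effective_roles(assignments, principal, scope):
    return {a.role for a in effective_assignments(assignments, principal, scope)}


def _role_grants(role, permission):
    return any(fnmatch.fnmatchcase(permission, p) for p in ROLE_DEFINITIONS[role])


def has_permission(assignments, principal, permission, scope):
    return any(_role_grants(r, permission)
               for r in effective_roles(assignments, principal, scope))


def who_can(assignments, permission, scope):
    """Principals holding `permission` at `scope`, mapped to the scope(s) that granted it.

    Inverting the question this way is how a red teamer finds the principal worth
    taking over for a given target resource.
    """
    chain = set(ancestors_and_self(scope))
    hits = {}
    for a in assignments:
        if a.scope in chain and _role_grants(a.role, permission):
            hits.setdefault(a.principal, set()).add(a.scope)
    return hits


if __name__ == "__main__":
    target = "org/dept-y/prod/bucket-pii"
    print("alice on PII bucket:", effective_roles(ASSIGNMENTS, "alice@corp.example", target))
    print("who can delete objects there:", who_can(ASSIGNMENTS, "storage.objects.delete", target))
    print("who can read objects there:", who_can(ASSIGNMENTS, "storage.objects.get", target))
```

Two things the output makes concrete: alice's viewer role at the root reaches the PII bucket even though nobody assigned anything to her there, and bob's admin role on that one bucket does not leak upward to the project or folder. When enumerating a tenant or organization, assignments near the root are therefore the ones to list first.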
Thank You !
In case of any difficulties or queries, feel free to mail us at support@cyberwarfare.live
● Follow us on :
LinkedIn: https://www.linkedin.com/company/cyberwarfare/
Twitter: https://twitter.com/cyberwarfarelab
● For More Information Visit :
Enterprise Red / Blue Team Lab : https://cyberwarfare.live
Red /Blue Team Blog: https://cyberwarfare.live/blog/