NSDetect: A Tool To Discover Potential AWS Domain Takeovers

Introduction

AWS is a leading cloud platform, widely used for various types of cloud services by tech giants such as Netflix, Airbnb, Lyft, Deliveroo, etc. In this story, I will talk about the automated detection of AWS NS Takeover, a security issue related to misconfiguration of the AWS Route 53 service. The tool can be used by Infrastructure Security Engineers, DevSecOps Engineers, Penetration Testers and Bug Bounty Hunters (🤑) for automated detection of NS Takeover.

If you are unaware of AWS NS Takeover, I strongly recommend that you first go through the following story to better understand the issue. The story also talks about exploitation techniques using NSBrute, which Penetration Testers and Bug Bounty Hunters can leverage to generate a valid proof of concept.

As a refresher for people already aware of this issue: AWS NS Takeover is a security issue caused by a misconfiguration when using AWS Route 53 for DNS services. It occurs when AWS nameservers are set as the authoritative name servers for a domain while those name servers do not have the zone file for that domain.

This can happen when an administrator, while deleting a domain, deletes the hosted zones from AWS Route 53 but forgets to remove the dangling pointer at the domain registrar.

For example, for my domain shivsahni.com, I have set AWS nameservers as the authoritative name servers.

In my AWS console, however, I have deleted the zone file, so the associated nameservers do not have the zone file, making the domain potentially vulnerable to AWS NS Takeover.

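The condition described above can be checked for your own domains by asking each delegated nameserver directly for the domain's SOA record. The following is an added example, not NSDetect's code; it assumes that a Route 53 nameserver without the hosted zone answers REFUSED or SERVFAIL, and the function names and sample reply headers are constructed for illustration.

```python
import re
import socket
import struct

# Route 53 nameservers are named ns-<n>.awsdns-<nn>.<com|net|org|co.uk>
AWSDNS = re.compile(r"^ns-\d+\.awsdns-\d+\.(com|net|org|co\.uk)\.?$", re.I)
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_soa_query(domain, txid=0x1234):
    """Encode a non-recursive SOA question for domain (RFC 1035 wire format)."""
    labels = domain.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!6H", txid, 0, 1, 0, 0, 0)   # flags 0 (RD off), 1 question
    return header + qname + struct.pack("!2H", 6, 1)    # QTYPE=SOA, QCLASS=IN

def parse_reply(data):
    """Return (rcode name, AA flag, answer count) from a DNS reply header."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    _, flags, _, ancount, _, _ = struct.unpack("!6H", data[:12])
    return RCODES.get(flags & 0xF, str(flags & 0xF)), bool(flags & 0x0400), ancount

def classify(nameserver, reply):
    """Judge one delegated nameserver from its reply to the SOA query."""
    if not AWSDNS.match(nameserver):
        return "not-route53"
    rcode, authoritative, answers = parse_reply(reply)
    if rcode in ("REFUSED", "SERVFAIL"):   # assumption: means no hosted zone here
        return "dangling"
    if rcode == "NOERROR" and authoritative and answers:
        return "served"
    return "inconclusive"

def audit(domain, nameservers, timeout=3.0):
    """Query each delegated nameserver directly (live network) and classify it."""
    results = {}
    for ns in nameservers:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(build_soa_query(domain), (ns, 53))
                results[ns] = classify(ns, s.recv(512))
            except (OSError, ValueError):
                results[ns] = "inconclusive"
    return results

# Constructed reply headers (not captured traffic): QR|REFUSED, and QR|AA with 1 answer
REFUSED_REPLY = struct.pack("!6H", 0x1234, 0x8005, 1, 0, 0, 0)
SERVED_REPLY = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0)
```

Pass `audit()` the domain and the nameserver hostnames recorded at the registrar; a "dangling" result means the delegation should be removed or the hosted zone restored.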

#infosec #cybersecurity #cloud #aws #bug-bounty

Seamus Quitzon

1601341562

AWS Cost Allocation Tags and Cost Reduction

Bob had just arrived in the office for his first day of work as the newly hired chief technical officer when he was called into a conference room by the president, Martha, who immediately introduced him to the head of accounting, Amanda. They exchanged pleasantries, and then Martha got right down to business:

“Bob, we have several teams here developing software applications on Amazon and our bill is very high. We think it’s unnecessarily high, and we’d like you to look into it and bring it under control.”

Martha placed a screenshot of the Amazon Web Services (AWS) billing report on the table and pointed to it.

“This is a problem for us: We don’t know what we’re spending this money on, and we need to see more detail.”

Amanda chimed in, “Bob, look, we have financial dimensions that we use for reporting purposes, and I can provide you with some guidance regarding some information we’d really like to see such that the reports that are ultimately produced mirror these dimensions — if you can do this, it would really help us internally.”

“Bob, we can’t stress how important this is right now. These projects are becoming very expensive for our business,” Martha reiterated.

“How many projects do we have?” Bob inquired.

“We have four projects in total: two in the aviation division and two in the energy division. If it matters, the aviation division has 75 developers and the energy division has 25 developers,” the CEO responded.

Bob understood the problem and responded, “I’ll see what I can do and have some ideas. I might not be able to give you retrospective insight, but going forward, we should be able to get a better idea of what’s going on and start to bring the cost down.”

The meeting ended with Bob heading to find his desk. Cost allocation tags should help us, he thought to himself as he looked for someone who might know where his office is.

#aws #aws cloud #node js #cost optimization #aws cli #well architected framework #aws cost report #cost control #aws cost #aws tags

Christa Stehr

1598408880

How To Unite AWS KMS with Serverless Application Model (SAM)

The Basics

AWS KMS is a Key Management Service that lets you create cryptographic keys that you can use to encrypt and decrypt data and also other keys. You can read more about it here.

Important points about Keys

Please note that the customer master keys (CMKs) generated can only be used to encrypt small amounts of data, such as passwords or an RSA key. You can use AWS KMS CMKs to generate, encrypt, and decrypt data keys. However, AWS KMS does not store, manage, or track your data keys, or perform cryptographic operations with data keys.

You must use and manage data keys outside of AWS KMS. The KMS API operations use an AWS KMS CMK for encryption, and they cannot accept more than 4 KB (4096 bytes) of data. To encrypt application data, use the server-side encryption features of an AWS service, or a client-side encryption library, such as the AWS Encryption SDK or the Amazon S3 encryption client.

Scenario

We want to create signup and login forms for a website.

Passwords should be encrypted and stored in a DynamoDB database.

What do we need?

  1. KMS key to encrypt and decrypt data.
  2. DynamoDB table to store passwords.
  3. Lambda functions & APIs to process Login and Sign up forms.
  4. Sign up/ Login forms in HTML.

Let's implement it as a Serverless Application Model (SAM) template!

Let's first create the key that we will use to encrypt and decrypt passwords.

KmsKey:
    Type: AWS::KMS::Key
    Properties: 
      Description: CMK for encrypting and decrypting
      KeyPolicy:
        Version: '2012-10-17'
        Id: key-default-1
        Statement:
        - Sid: Enable IAM User Permissions
          Effect: Allow
          Principal:
            AWS: !Sub arn:aws:iam::${AWS::AccountId}:root
          Action: kms:*
          Resource: '*'
        - Sid: Allow administration of the key
          Effect: Allow
          Principal:
            AWS: !Sub arn:aws:iam::${AWS::AccountId}:user/${KeyAdmin}
          Action:
          - kms:Create*
          - kms:Describe*
          - kms:Enable*
          - kms:List*
          - kms:Put*
          - kms:Update*
          - kms:Revoke*
          - kms:Disable*
          - kms:Get*
          - kms:Delete*
          - kms:ScheduleKeyDeletion
          - kms:CancelKeyDeletion
          Resource: '*'
        - Sid: Allow use of the key
          Effect: Allow
          Principal:
            AWS: !Sub arn:aws:iam::${AWS::AccountId}:user/${KeyUser}
          Action:
          - kms:DescribeKey
          - kms:Encrypt
          - kms:Decrypt
          - kms:ReEncrypt*
          - kms:GenerateDataKey
          - kms:GenerateDataKeyWithoutPlaintext
          Resource: '*'

The important thing in the above snippet is the KeyPolicy. KMS requires a Key Administrator and a Key User. As a best practice, your Key Administrator and Key User should be two separate users in your organisation. We are allowing all permissions to the root user.

So if your Key Administrator leaves the organisation, the root user will be able to delete this key. As you can see, KeyAdmin can manage the key but not use it, and KeyUser can only use the key. ${KeyAdmin} and ${KeyUser} are parameters in the SAM template.

You will be asked to provide values for these parameters during SAM Deploy.
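The separation of duties claimed for this key policy can be checked mechanically by expanding each statement's action wildcards. This is an added example, not part of the original template: the duty grouping, function names, account id and user names are constructed for illustration, and it goes slightly beyond the text by also reporting that `kms:Create*` covers `kms:CreateGrant`.

```python
from fnmatch import fnmatchcase

# Real KMS action names; the grouping into duties is this example's own choice
DUTIES = {
    "use": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncryptFrom", "kms:ReEncryptTo",
            "kms:GenerateDataKey", "kms:GenerateDataKeyWithoutPlaintext"],
    "admin": ["kms:PutKeyPolicy", "kms:ScheduleKeyDeletion", "kms:DisableKey",
              "kms:UpdateKeyDescription"],
    "grant": ["kms:CreateGrant"],   # lets the holder delegate key use to others
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def duties_by_principal(policy):
    """Map each AWS principal in Allow statements to the duties its actions cover."""
    found = {}
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        patterns = [a.lower() for a in as_list(stmt["Action"])]
        duties = {duty for duty, actions in DUTIES.items()
                  if any(fnmatchcase(act.lower(), pat)
                         for act in actions for pat in patterns)}
        for principal in as_list(stmt["Principal"]["AWS"]):
            found.setdefault(principal, set()).update(duties)
    return found

def violations(policy, exempt_suffix=":root"):
    """Principals, other than the account root, that can both administer and use the key."""
    return sorted(p for p, d in duties_by_principal(policy).items()
                  if {"admin", "use"} <= d and not p.endswith(exempt_suffix))

# The key policy above as a dict, with a constructed account id and user names
ARN = "arn:aws:iam::111122223333:"
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
     "Principal": {"AWS": ARN + "root"}, "Action": "kms:*", "Resource": "*"},
    {"Sid": "Allow administration of the key", "Effect": "Allow",
     "Principal": {"AWS": ARN + "user/key-admin"}, "Resource": "*",
     "Action": ["kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*",
                "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*",
                "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"]},
    {"Sid": "Allow use of the key", "Effect": "Allow",
     "Principal": {"AWS": ARN + "user/key-user"}, "Resource": "*",
     "Action": ["kms:DescribeKey", "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                "kms:GenerateDataKey", "kms:GenerateDataKeyWithoutPlaintext"]},
]}
```

For this policy `violations(POLICY)` is empty, while `duties_by_principal(POLICY)` shows the administrator holding the "grant" duty in addition to "admin".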

#aws #serverless #aws-sam #aws-key-management-service #aws-certification #aws-api-gateway #tutorial-for-beginners #aws-blogs

Ananya Gupta

1605514048

How AWS Skills Can Boost Your Career in The IT Industry?

For those that wish to create a promising career within the IT industry, pursuing AWS training is often the simplest option where you’ll develop and validate your cloud skills and learn the simplest of cloud computing technology. Amazon’s cloud platform i.e. Amazon Web Services is one of the highly preferred cloud computing services that provide easy and innovative cloud computing solutions.

The fast facts about the AWS Certification Course reveal that the potential expected marketplace for AWS Solution Architects will grow by $307.7 million by the year 2025. Moreover, the demand for AWS certified professionals has grown by 76% within the last two years. According to online employment portals like indeed.com, in developed countries such as the US, the total number of vacant job profiles for AWS certified IT professionals is around 9728. Do you still need more facts that reflect the importance of an AWS training program for a booming career within the IT sector?

Career Opportunities Offered by AWS

Learning the AWS certified training courses can open up engaging career prospects for you during a sort of cloud computing services. Amazon Web Services offers you a chance to find out from 70 diverse courses that affect memory, Networking, Analytics, Management, Database, Internet of Things, Developer tools, and Application services. Around 380000 cloud computing jobs are still vacant in search of qualified and trained AWS professionals.

Thus, AWS training can assist you to discover the brightest job prospects within the IT sector. The greater specialization in adopting technologically focused processes with the help of cloud-based services proves to be a big reason why pursuing AWS training is often the foremost optimum career decision for IT professionals.

AWS Training Can Fulfill Your Major Career Goals

The AWS certified courses and training can assist you to achieve the specified excellence and professionalism in your career. Being trained in AWS can allow you to experience multiple benefits within the sort of a pay hike and grab extra attention from the employer as they appear for professionals who possess the foremost advanced and updated knowledge within the field of cloud computing. The AWS training empowers you by imparting knowledge about the various fields of cloud computing through a comprehensive practice-based approach.

In addition to this, it has been observed that your chances of employment rise manifold once you complete the training and authorized courses from a recognized AWS Training Program in Noida. Thus, you'll be able to apply for a range of job profiles that cloud computing offers. Further, the marvelous outcomes are possible only if you spend significant money and time on earning the AWS certification, which may end up being a life-changing opportunity for you.

Learn more here: AWS Certification Types: Choose The Right For You

A final upshot

Pursuing AWS certification courses and training provides the simplest career opportunities for those that want to form a successful career within the IT sector. You’ll move ahead for splendid and memorable career growth within the AWS cloud-based services. Further, this will be fruitful for the enterprises and business owners also, because it can help within the effective storage of knowledge through cloud-based services which may help within the efficient running of the complex business process.

Moreover, cloud computing solutions are the necessity of the hour as they’re loaded with features that provide reduced cost and enhanced efficiency as compared to the normal in-house services. Therefore, IT professionals trained in AWS are highly demanded as they will take the organization to a replacement height through better data management.

#aws #aws online training #aws online course #aws course #aws training #aws training in noida