SkyWrapper - Tool That Helps To Discover Suspicious Creation Forms And Uses Of Temporary Tokens In AWS


News category: IT security news
Source: feedproxy.google.com


SkyWrapper is an open-source project that analyzes the behavior of temporary tokens created in a given AWS account. The tool aims to find suspicious creation forms and uses of temporary tokens in order to detect malicious activity in the account. It analyzes the AWS account and creates an Excel sheet that includes all the currently living temporary tokens. A summary of the findings is printed to the screen after each run.
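What an inventory of "currently living" temporary tokens looks like when built from CloudTrail STS records, as an added example (not SkyWrapper's code or its detection logic). The records are constructed and trimmed to the fields used, the expiration is assumed to be ISO 8601, and the `chained` flag (token issued by a caller who was already using a temporary key) is this example's own heuristic.

```python
from datetime import datetime, timezone

# STS calls that hand out temporary credentials.
TOKEN_EVENTS = {"AssumeRole", "AssumeRoleWithSAML", "AssumeRoleWithWebIdentity",
                "GetSessionToken", "GetFederationToken"}

def make_record(name, caller_key, new_key=None, expires=None):
    """Build a constructed, trimmed-down CloudTrail record for the sample."""
    creds = {"accessKeyId": new_key, "expiration": expires} if new_key else None
    return {"eventSource": "sts.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice",
                             "accessKeyId": caller_key},
            "responseElements": {"credentials": creds} if creds else None}

# Constructed sample: the account id, ARN and key ids are made up.
SAMPLE_RECORDS = [
    make_record("GetSessionToken", "AKIAEXAMPLE000000001",
                "ASIAEXAMPLE000000001", "2024-01-01T18:00:00Z"),
    make_record("AssumeRole", "ASIAEXAMPLE000000001",       # made with a temp key
                "ASIAEXAMPLE000000002", "2024-01-01T13:00:00Z"),
    make_record("AssumeRole", "AKIAEXAMPLE000000001",       # expired by `now`
                "ASIAEXAMPLE000000003", "2024-01-01T09:00:00Z"),
    make_record("AssumeRole", "AKIAEXAMPLE000000001"),      # denied: no credentials
]

def live_tokens(records, now):
    """One row per issued temporary token that is still valid at `now` (UTC)."""
    rows = []
    for rec in records:
        if (rec.get("eventSource") != "sts.amazonaws.com"
                or rec.get("eventName") not in TOKEN_EVENTS):
            continue
        creds = (rec.get("responseElements") or {}).get("credentials")
        if not creds:          # failed call, nothing was issued
            continue
        expires = datetime.strptime(
            creds["expiration"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if expires <= now:
            continue
        caller = rec.get("userIdentity") or {}
        caller_key = caller.get("accessKeyId", "")
        rows.append({"token": creds["accessKeyId"], "event": rec["eventName"],
                     "created_by": caller.get("arn", "unknown"),
                     "created_with": caller_key, "expires": expires,
                     # Temporary access key ids start with "ASIA", long-term with "AKIA".
                     "chained": caller_key.startswith("ASIA")})
    return rows
```

Calling `live_tokens(SAMPLE_RECORDS, now)` with `now` set to 12:00 UTC on 2024-01-01 returns the first two tokens; only the second is marked `chained`.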

Usage
  1. Fill in the required data in the config file
  2. Make sure your user has the required permissions for running the script (you can check this in IAM, on the summary page of the user)
  3. Run the Python script
     python SkyWrapper.py

Permissions
To run this script, you will need at least the following permissions policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "S3TrailBucketPermissions",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucketMultipartUploads",
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": [
        "arn:aws:s3:::{cloudtrail_bucket_name}/*",
        "arn:aws:s3:::{cloudtrail_bucket_name}"
      ]
    },
    {
      "Sid": "IAMReadPermissions",
      "Effect": "Allow",
      "Action": [
        "iam:ListAttachedRolePolicies",
        "iam:ListRolePolicies",
        "iam:GetRolePolicy",
        "iam:GetPolicyVersion",
        "iam:GetPolicy",
        "iam:ListRoles"
      ],
      "Resource": [
        "arn:aws:iam::*:policy/*",
        "arn:aws:iam::*:role/*"
      ]
    },
    {
      "Sid": "GLUEReadWritePermissions",
      "Effect": "Allow",
      "Action": [
        "glue:CreateTable",
        "glue:CreateDatabase",
        "glue:GetTable",
        "glue:GetDatabase"
      ],
      "Resource": "*"
    },
    {
      "Sid": "CLOUDTRAILReadPermissions",
      "Effect": "Allow",
      "Action": [
        "cloudtrail:DescribeTrails"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ATHENAReadPermissions",
      "Effect": "Allow",
      "Action": [
        "athena:GetQueryResults",
        "athena:StartQueryExecution",
        "athena:GetQueryExecution"
      ],
      "Resource": "arn:aws:athena:*:*:workgroup/*"
    },
    {
      "Sid": "S3AthenaResultsBucketPermissions",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:ListBucketMultipartUploads",
        "s3:CreateBucket",
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": "arn:aws:s3:::aws-athena-query-results-*"
    }
  ]
}
Make sure you replace "{cloudtrail_bucket_name}" with your trail's bucket name!
If you have more than one trail and want to run the script on them as well, you have to add them to the resource section of the policy too.
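A pre-flight check for the two notes above, as an added example (not part of SkyWrapper): it reports any placeholder left in the policy text and any trail bucket whose bucket ARN or `/*` object ARN is missing from the S3TrailBucketPermissions statement. The function names, the shortened action list in the sample and the bucket names in the usage note are hypothetical.

```python
import json
import re

PLACEHOLDER = re.compile(r"\{[A-Za-z_]+\}")

# Constructed input: the trail statement with its placeholder left untouched.
TEMPLATE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "S3TrailBucketPermissions", "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"],
    "Resource": ["arn:aws:s3:::{cloudtrail_bucket_name}/*",
                 "arn:aws:s3:::{cloudtrail_bucket_name}"]}]})

def trail_bucket_resources(buckets):
    """Bucket-level actions need the bucket ARN, object-level ones need bucket/*."""
    arns = []
    for name in buckets:
        arns += [f"arn:aws:s3:::{name}/*", f"arn:aws:s3:::{name}"]
    return arns

def fill_trail_buckets(policy_text, buckets):
    """Return the policy with the trail statement covering every given bucket."""
    policy = json.loads(policy_text)
    for stmt in policy["Statement"]:
        if stmt.get("Sid") == "S3TrailBucketPermissions":
            stmt["Resource"] = trail_bucket_resources(buckets)
    return json.dumps(policy, indent=2)

def policy_problems(policy_text, buckets):
    """List what would stop the script from reading the given trail buckets."""
    found = sorted(set(PLACEHOLDER.findall(policy_text)))
    problems = [f"unreplaced placeholder {p}" for p in found]
    stmts = {s.get("Sid"): s for s in json.loads(policy_text)["Statement"]}
    trail = stmts.get("S3TrailBucketPermissions")
    if trail is None:
        return problems + ["statement S3TrailBucketPermissions is missing"]
    res = trail["Resource"]
    have = {res} if isinstance(res, str) else set(res)
    for arn in trail_bucket_resources(buckets):
        if arn not in have:
            problems.append(f"missing resource {arn}")
    return problems
```

With two trail buckets named `corp-trail-a` and `corp-trail-b`, `policy_problems(TEMPLATE_POLICY, [...])` reports the leftover placeholder plus four missing ARNs, and the output of `fill_trail_buckets` passes with an empty list.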

Configuration
"config.yaml" is the configuration file. In most cases, you can leave the configuration as is. In case you need to change it, the configuration file is documented.
athena: # Athena configuration
  database_name: default # The name of the database Athena uses for querying the trail bucket.
  table_name: cloudtrail_logs_{table_name} # The table name of the trail bucket name
  output_location: s3://aws-athena-query-results-{account_id}-{region}/ # The default output location bucket for the query results
output:
  excel_output_file: run_results_{trail}_{account_id}-{date}.xlsx # Excel results file
  summary_output_file: run_summary_{trail}_{account_id}-{date}.txt # Summary text results file
verify_https: True # Enable/ Disable verification of SSL certificates for HTTP requests
account:
  account_id: 0 # The account id - Keep it as 0 in case you don't know it
  aws_access_key_id: # If you keep it empty, the script will look after the default AWS credentials stored in ~/.aws/credentials
  aws_secret_access_key: # If you keep it empty, the script will look after the default AWS credentials stored in ~/.aws/credentials
  aws_session_token: # If you keep it empty, the script will look after the default AWS credentials stored in ~/.aws/credentials

References:
For more comments, suggestions, or questions, you can contact Omer Tsarfati (@OmerTsarfati) and CyberArk Labs. You can find more projects developed by us at https://github.com/cyberark/.

