Enumerating Secrets in AWS Secrets Manager - Lab Walkthrough

Поделиться
HTML-код
  • Опубликовано: 16 июл 2024
  • This is a walkthrough for a Lab from Cybr called Introduction to AWS Secrets Manager Enumeration where we learn how to enumerate AWS Secrets Manager in a sandboxed AWS environment.
    This is a service that organizations can use to store their secrets, which makes it a juicy target for attackers. As security professionals, it’s our job to find potential weaknesses in our organization’s environments so that we can fix them before threat actors find them.
    🚨Disclaimer
    What is shown in this video is purely for educational purposes. This type of information should only ever be used for ethical purposes and to stop attackers. It should not be performed against resources you do not have explicit permissions for. We do not condone using the information in this video for any other purposes.
    📑 Resources 📑
    - Lab link: cybr.com/courses/iam-privileg...
    - Secrets Manager Enumeration Cheat Sheet: cybr.com/courses/iam-privileg...
    - IAM PrivEsc Labs Course: cybr.com/courses/iam-privileg...
    ➡️ Get access to this lab with a free Cybr account: cybr.com
    ⏰ Timestamps ⏰
    00:00 - 01:24 - Introduction
    01:25 - 01:30 - Education Disclaimer
    01:31 - 02:22 - AWS Credentials
    02:23 - 03:26 - GetCallerIdentity
    03:27 - 04:22 - ListUserPolicies
    04:23 - 06:18 - GetUserPolicy
    06:19 - 07:23 - Secrets Manager CLI commands
    07:24 - 07:49 - CLI Cheat Sheet
    07:50 - 09:04 - List Secrets
    09:05 - 10:12 - List Secrets Versions
    10:13 - 11:48 - Get Secrets Resource Policies
    11:49 - 12:34 - Describe Secrets
    12:35 - 13:41 - Get Secrets Values
    13:42 - 14:29 - Decoding Secrets
    14:30 - 15:48 - Next Steps
  • НаукаНаука

Комментарии • 11

  • @abhinavs03
    @abhinavs03 2 дня назад +2

    Descriptive and easy to follow content, awesome work Cybr team!

    • @Cybrcom
      @Cybrcom  2 дня назад

      Appreciate it!

  • @kwiatriot6190
    @kwiatriot6190 9 дней назад +1

    Great lab to demonstrate AWS Secrets Manager enumeration. Awesome you guys are putting this up as free content too!

    • @Cybrcom
      @Cybrcom  9 дней назад

      Thanks for the comment! I’m glad it’s helpful and we’ll keep putting out!

  • @awssecuritylabs
    @awssecuritylabs 5 месяцев назад +1

    Lovely lab..Thanks

    • @Cybrcom
      @Cybrcom  5 месяцев назад +1

      Glad you enjoyed it! Thanks!

  • @fardeensayyed70
    @fardeensayyed70 5 месяцев назад

    Please help me 😭
    I tried social engineering tool single email i entered the password but the
    Error is came
    it appears your password was incorrect. printing response: a bytes-like object is required, not 'str'

    • @Cybrcom
      @Cybrcom  5 месяцев назад

      What?? This video is not related to social engineering or emails/passwords. I think you have the wrong video

    • @dropz285
      @dropz285 21 день назад

      @@Cybrcom lol

  • @geezcode
    @geezcode 5 месяцев назад +1

    First

    • @geezcode
      @geezcode 5 месяцев назад +1

      Interesting

Следующие
Автовоспроизведение
AWS IAM PrivEsc to S3 data - Cybr CTF Walkthrough21:32AWS IAM PrivEsc to S3 data - Cybr CTF Walkthrough
AWS IAM PrivEsc to S3 data - Cybr CTF WalkthroughCybr
Просмотров 630
Intro to IAM Enumeration (Users, Groups, Roles, and Policies)14:51Intro to IAM Enumeration (Users, Groups, Roles, and Policies)
Intro to IAM Enumeration (Users, Groups, Roles, and Policies)Cybr
Просмотров 376
How crypto miners hijack AWS accounts (real case study)12:08How crypto miners hijack AWS accounts (real case study)
How crypto miners hijack AWS accounts (real case study)Cybr
Просмотров 3,5 тыс.
24 Hours Inside Mr. Beast14:2324 Hours Inside Mr. Beast
24 Hours Inside Mr. BeastSchlatt & Co.
Просмотров 1,5 млн
BREAKING! YORO Deal Done! Man Utd Transfer News50:24BREAKING! YORO Deal Done! Man Utd Transfer News
BREAKING! YORO Deal Done! Man Utd Transfer NewsThe United Stand
Просмотров 334 тыс.
Awnings: a simple cooling tech we apparently forgot about22:15Awnings: a simple cooling tech we apparently forgot about
Awnings: a simple cooling tech we apparently forgot aboutTechnology Connections
Просмотров 750 тыс.
Gracie Abrams - I Love You, I’m Sorry (Official Music Video)03:54Gracie Abrams - I Love You, I’m Sorry (Official Music Video)
Gracie Abrams - I Love You, I’m Sorry (Official Music Video)GracieAbramsVEVO
Просмотров 185 тыс.
Understanding AWS Secrets Manager - AWS Online Tech Talks33:50Understanding AWS Secrets Manager - AWS Online Tech Talks
Understanding AWS Secrets Manager - AWS Online Tech TalksAWS Developers
Просмотров 99 тыс.
AWS Security Hub | Concept | Demo | Centrally Manage Security Alerts and Automate Security Checks-3616:00AWS Security Hub | Concept | Demo | Centrally Manage Security Alerts and Automate Security Checks-36
AWS Security Hub | Concept | Demo | Centrally Manage Security Alerts and Automate Security Checks-36WORLD OF AWS
Просмотров 291
STOP Watching Coding Tutorials Right Now! My LEARNING FRAMEWORK12:19STOP Watching Coding Tutorials Right Now! My LEARNING FRAMEWORK
STOP Watching Coding Tutorials Right Now! My LEARNING FRAMEWORKHarkirat Singh
Просмотров 239 тыс.
Retrieve Secret Value Stored in AWS Secret Manager in AWS EC2 | GetSecretValue in AWS EC2 | AWS Demo20:32Retrieve Secret Value Stored in AWS Secret Manager in AWS EC2 | GetSecretValue in AWS EC2 | AWS Demo
Retrieve Secret Value Stored in AWS Secret Manager in AWS EC2 | GetSecretValue in AWS EC2 | AWS DemoA Monk in Cloud ☁️
Просмотров 4,6 тыс.
Beginner's Guide to AWS CloudTrail for Security - Full Course1:17:47Beginner's Guide to AWS CloudTrail for Security - Full Course
Beginner's Guide to AWS CloudTrail for Security - Full CourseCybr
Просмотров 1 тыс.
Use Terraform? You NEED this for security!10:09Use Terraform? You NEED this for security!
Use Terraform? You NEED this for security!Cybr
Просмотров 1,9 тыс.
What's new in Angular v175:08What's new in Angular v17
What's new in Angular v17Angular
Просмотров 40 тыс.
How I Would Learn AWS Today (after 10 years of cloud experience)40:28How I Would Learn AWS Today (after 10 years of cloud experience)
How I Would Learn AWS Today (after 10 years of cloud experience)Be A Better Dev
Просмотров 373 тыс.
Angular 17 Features With Examples - You Must Know That14:44Angular 17 Features With Examples - You Must Know That
Angular 17 Features With Examples - You Must Know ThatMonsterlessons Academy
Просмотров 37 тыс.
تجربة أغرب توصيلة شحن ضد القطع تماما00:56تجربة أغرب توصيلة شحن ضد القطع تماما
تجربة أغرب توصيلة شحن ضد القطع تماماصدام العزي
Просмотров 54 млн
Windows 7. 15 лет спустя. Что она ЕЩЁ может?15:50Windows 7. 15 лет спустя. Что она ЕЩЁ может?
Windows 7. 15 лет спустя. Что она ЕЩЁ может?Daniel Myslivets
Просмотров 60 тыс.
Intel + NVIDIA или AMD Ryzen + Radeon - что выбрать?00:55Intel + NVIDIA или AMD Ryzen + Radeon - что выбрать?
Intel + NVIDIA или AMD Ryzen + Radeon - что выбрать?CompShop Shorts
Просмотров 537 тыс.
Лого для клиента из Таджикистана. Анимация в After Effects01:00Лого для клиента из Таджикистана. Анимация в After Effects
Лого для клиента из Таджикистана. Анимация в After EffectsFreelStep Shorts
Просмотров 1,2 млн
ВОЗМОЖНО ЛИ ПОЧИСТИТЬ КЛАВИАТУРУ КЛЕЕМ?🤔 #shorts01:00ВОЗМОЖНО ЛИ ПОЧИСТИТЬ КЛАВИАТУРУ КЛЕЕМ?🤔 #shorts
ВОЗМОЖНО ЛИ ПОЧИСТИТЬ КЛАВИАТУРУ КЛЕЕМ?🤔 #shortsWinden
Просмотров 10 млн
С Какой Высоты Разобьётся Айфон ?😳 #рекомендации00:31С Какой Высоты Разобьётся Айфон ?😳 #рекомендации
С Какой Высоты Разобьётся Айфон ?😳 #рекомендацииKoshyl_Live
Просмотров 868 тыс.
ЛУЧШИЙ ОТКРЫТЫЙ КОРПУС доя ПК #пк2024 #переноснойпк #rtx #pcgaming #cryptone #пк #pcbuild202400:16ЛУЧШИЙ ОТКРЫТЫЙ КОРПУС доя ПК #пк2024 #переноснойпк #rtx #pcgaming #cryptone #пк #pcbuild2024
ЛУЧШИЙ ОТКРЫТЫЙ КОРПУС доя ПК #пк2024 #переноснойпк #rtx #pcgaming #cryptone #пк #pcbuild2024на РаЗБОРкУ
Просмотров 70 тыс.
Как распознать поддельный iPhone00:44Как распознать поддельный iPhone
Как распознать поддельный iPhonePEREKUPILO
Просмотров 1,9 млн