Sam, a professional hacker, targeted an organization with the intention of compromising AWS IAM credentials. He attempted to lure one of the organization's employees by initiating fake calls while posing as a legitimate employee. He also sent phishing emails to steal the AWS IAM credentials and further compromise the employee's account. What technique did Sam use to compromise the AWS IAM credentials?

Option 1: Reverse engineering
Option 2: Social engineering
Option 3: Insider threat
Option 4: Password reuse

1. Reverse engineering

Reverse engineering, sometimes called back engineering, is a process in which software, machines, aircraft, architectural structures and other products are deconstructed to extract design information from them. Often, reverse engineering involves deconstructing individual components of larger products. The reverse engineering process lets you determine how a part was designed so that you can recreate it. Companies often use this approach when purchasing a replacement part from an original equipment manufacturer (OEM) is not an option.

The reverse engineering method is named as such because it involves working backward through the original design process. However, you often have limited information about the engineering that went into creating the product. Therefore, the challenge is to gain a working knowledge of the original design by disassembling the product piece by piece or layer by layer.

Companies often use reverse engineering on older electronic components, like discontinued printed circuit boards (PCBs) and connector cards. Frequently, the products in question come from manufacturers that have since gone out of business. If the manufacturer is still in business, it may no longer supply the part. Firms usually reverse engineer old electronics for the sake of continuity.

If an older piece of computer equipment had functions that have since been lost amid subsequent changes in technology, reverse engineering allows manufacturers to rediscover those designs and bring them up to date. Reverse engineering also enables you to develop components that bridge the new and the old, allowing users of older equipment to connect their devices to modern computing equipment.

In some cases, the only way to obtain the design of an original product is through reverse engineering. With some older products that haven't been manufactured for twenty years or more, the original design drawings are no longer available. Often, there is no way to contact the original manufacturer, as the company may no longer be in business.

Companies generally use reverse engineering to regain design information on their own long-discontinued products. For example, a small company that has been in business for over forty years might have manufactured various products before the days of software and digital file storage. Consequently, these older products may be based on long-lost paper blueprints. Through reverse engineering, companies can regain their lost designs and build archives of their product history.

Even if the company still has its paper blueprints, it may need to create a digital version of them to make the plans easier to access and use. The business may use certain reverse engineering techniques to produce this digital design file.

Among auto restoration specialists, reverse engineering is often used to recreate the designs of engines and auto body parts for older vehicles. Using reverse engineering to build engines or recreate hard-to-find components can make cars from the 1920s through the 1950s drivable once more. Thanks to reverse engineering, you can bring a classic vehicle back to life and make it fully functional without changing the design of the car's systems.

Reverse engineering requires a series of steps to gather precise information on a product's dimensions. Once collected, you can store the information in digital archives. Often, engineers enhance the design with new developments and innovations. Sometimes, they replicate the original model exactly.

2. Social engineering

Just like any other service that accepts usernames and passwords for logging in, AWS users are vulnerable to social engineering attacks. Fake emails, calls, or any other method of social engineering may end with an AWS user's credentials in the hands of an attacker.

If a user only uses API keys for accessing AWS, general phishing techniques could still be used to gain access to other accounts or to their computer itself, where the attacker may then pull the API keys for the aforementioned AWS user.

With basic open-source intelligence (OSINT), it is usually simple to collect a list of employees of an organization who use AWS on a regular basis. This list can then be targeted with spear phishing to try to gather credentials. A simple technique may involve an email saying that your bill has spiked 500% in the past 24 hours, "click here for additional information"; when the recipient clicks the link, they are forwarded to a malicious copy of the AWS login page designed to steal their credentials.

An example of such an email can be seen in the screenshot below. It looks exactly like an email that AWS would send you if you exceeded the free tier limits, except for a few small changes. If you clicked on any of the highlighted regions in the screenshot, you would not be taken to the official AWS website; you would instead be forwarded to a fake login page set up to steal your credentials.

These emails can get even more specific by doing a little more OSINT before sending them out. If an attacker were able to discover your AWS account ID online somewhere, they could use methods we at Rhino have released previously to enumerate which users and roles exist in your account without any logs appearing on your side. They could use this list to further refine their target list, as well as their emails, to reference services they know you use often.

For reference, the blog post on using AWS account IDs for role enumeration can be found here, and the blog post on using AWS account IDs for user enumeration can be found here.

During engagements at Rhino, we find that phishing is one of the fastest ways for us to gain access to an AWS environment.
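The billing-alert lure described above works because the anchor text looks like an AWS URL while the href points elsewhere. The following is an added example (not code from the original post or from Rhino) of a mail-gateway style check that parses a constructed sample message, extracts every link from the HTML body, and flags links whose target host is outside a defender-maintained AWS allowlist or whose displayed URL disagrees with the real target. The allowlist `ALLOWED_SUFFIXES`, the sample message and all function names are assumptions for this illustration.

```python
"""Flag lookalike links in a suspected AWS billing phishing email (added example)."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: mimics an AWS free-tier alert, but the sender domain
# and the first link both point at a lookalike host rather than AWS.
SAMPLE_EMAIL = """\
From: Amazon Web Services <no-reply@aws.example-notify.com>
To: devops@example.org
Subject: Your AWS usage has exceeded the Free Tier limits
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your bill has increased 500% in the past 24 hours.</p>
<p><a href="https://signin.aws-console-billing.example/login">https://console.aws.amazon.com/billing</a></p>
<p><a href="https://aws.amazon.com/free/">Learn more about the Free Tier</a></p>
</body></html>
"""

# Assumed defender-maintained allowlist of domains AWS legitimately links to.
ALLOWED_SUFFIXES = ("amazon.com", "amazonaws.com")


def is_aws_host(host):
    """True if host equals an allowed domain or is a subdomain of one (no substring tricks)."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(raw_message):
    """Parse an RFC 822 message and return the links from its HTML (or plain) body."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(part.get_content() if part is not None else "")
    return collector.links


def suspicious_links(raw_message):
    """Return a finding for each link that leaves AWS or whose shown URL mismatches its target."""
    findings = []
    for href, text in extract_links(raw_message):
        target = urlparse(href).hostname
        shown = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if not is_aws_host(target):
            findings.append({"href": href, "text": text, "reason": "non-AWS target host"})
        elif shown and shown.lower() != (target or "").lower():
            findings.append({"href": href, "text": text, "reason": "displayed URL differs from target"})
    return findings


def sender_is_aws(raw_message):
    """True if the From: address domain is on the AWS allowlist."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    addresses = msg["from"].addresses if msg["from"] else ()
    return bool(addresses) and is_aws_host(addresses[0].domain)


if __name__ == "__main__":
    print("sender on AWS allowlist:", sender_is_aws(SAMPLE_EMAIL))
    for finding in suspicious_links(SAMPLE_EMAIL):
        print(finding)
```

Suffix matching against the allowlist is deliberate: a plain substring check would accept a host such as `aws.amazon.com.evil.example`, which is exactly the kind of lookalike the lure relies on. In a real gateway the same findings would feed a quarantine decision or a user-facing banner rather than a print statement.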

3. Insider threat

An insider threat is a security risk that originates from within the targeted organization. It generally involves a current or former employee or business associate who has access to sensitive data or privileged accounts within the organization's network, and who misuses this access.

Traditional security measures tend to focus on external threats and are not always capable of identifying an internal threat emanating from inside the organization.

Types of insider threats include:
  • Malicious insider— Also called a Turncloak, someone who maliciously and intentionally abuses legitimate credentials, typically to steal data for financial or personal incentives. For example, an individual who holds a grudge against a former employer, or an opportunistic employee who sells secret data to a competitor. Turncloaks have an advantage over other attackers because they are familiar with the organization's security policies and procedures, as well as its vulnerabilities.
  • Careless insider— An innocent pawn who unknowingly exposes the system to outside threats. This is the most common form of insider threat, resulting from mistakes such as leaving a device exposed or falling victim to a scam. For example, an employee who intends no harm may click on an insecure link, infecting the system with malware.
  • A mole— An imposter who is technically an outsider but has managed to gain insider access to a privileged network. This is often someone from outside the organization who poses as an employee or partner.

4. Password reuse

Often people use the same password across a variety of services. If one of those passwords is compromised in any way, an attacker may be able to gain access to other, unrelated services with the same credentials. It is very common for a website to be compromised and have its database leaked, and such leaks very commonly include password hashes or cleartext passwords. That data is then available to the public, so if someone was a user of the compromised website, they are now vulnerable to compromise on any other service that shares the leaked password.

For this reason, it is bad practice to use the same password across multiple services, but it is still very common.

During engagements at Rhino, we usually scan third-party sources for leaked passwords of employees at a target company, and we then attempt to use those against the target company to see if there is any "low hanging" access available to the environment. We often find that even passwords leaked as long as two years ago are reused across someone's other accounts, which gives us simple, privileged access to resources we are not supposed to be able to reach. Even if a password wasn't leaked online, in some environments we only need to breach one account, and if it is used for multiple services, then we have gained access to all of those services.

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
