3. SkyArk includes more small sub-modules for playing around in the cloud security field
An example for such a sub-module is AWStrace module.
AWStrace – analyzes AWS CloudTrail Logs and can provide new valuable insights from CloudTrail logs.
It especially prioritizes risky sensitive IAM actions that potential attackers might use as part of their malicious actions as AWS Shadow Admins.
The module analyzes the log files and produces informative csv result file with important details on each executed action in the tested environment.
Security teams can use the results files to investigate sensitive actions, discover the entities that took those actions and reveal additional valuable details on each executed and logged action.
Take a look at the Readme files of the scanning modules:
AzureStealth – https://github.com/cyberark/SkyArk/blob/master/AzureStealth/README.md
AWStealth – https://github.com/cyberark/SkyArk/blob/master/AWStealth/README.md
Share Your Thoughts And Feedback
Asaf Hecht (@Hechtov) and CyberArk Labs
More coverage on the uprising Cloud Shadow Admins threat:
Byron Acohido’s Podcast: https://soundcloud.com/byron-acohido/cloud-privileged-accounts-flaws-exposed
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.