Scribd
Upload
32 views

Getting Started With Cloud Red Team

This document provides an overview of hybrid multi-cloud environments and red teaming exercises. It discusses key aspects of AWS, Azure, and Google Cloud including: - Network architectures of on-premise, Active Directory, and cloud environments - Identity federation between on-premise and cloud identities - Credentials used for access in hybrid multi-cloud environments - Cloud service models and network connectivity between clouds and on-premise

Uploaded by

haraikamu
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
32 views

Getting Started With Cloud Red Team

This document provides an overview of hybrid multi-cloud environments and red teaming exercises. It discusses key aspects of AWS, Azure, and Google Cloud including: - Network architectures of on-premise, Active Directory, and cloud environments - Identity federation between on-premise and cloud identities - Credentials used for access in hybrid multi-cloud environments - Cloud service models and network connectivity between clouds and on-premise

Uploaded by

haraikamu
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 31

Getting Started with

Hybrid Multi-Cloud Red Teaming

© CW Labs UK Pvt. Ltd.


Introduction to
Hybrid Multi-Cloud
Red Teaming :

● Hybrid Multi Cloud Environment Overview

● AWS Cloud Overview

● Azure Cloud Overview

● Google Cloud Overview

● CTF Exercise

2
Module - 1 :
Hybrid Multi Cloud
Environment Overview
3
Network Architecture of On-Premise Environment

Internal Network
External Network

Domain
Web server Controller

Internet Firewall DNS server Firewall


Printer

Mail server
Workstation

DMZ Zone AD Environment

4
Network Architecture of Active Directory Forest

DC1 Cross Forest DC2

Trust relationship

Domain 1 Domain 2
abc.com xyz.com

Tree Tree2
DC 3 DC 4 DC 5

Child Domain 1 Child Domain 2 Child Domain 1


accounts.abc.com sales.abc.com hr.xyz.com

Identity
AD Internal Network (Forest) 5
AWS Multi Accounts Architecture

AWS Organization

AWS
Master Account

AWS Child Account 1 AWS Child Account 2 AWS Child Account 2

6
Azure Cloud Working Model

n Au
atio Azure AD th
ntic en
tic
e at
u th ion
A
Idaas

Azure Resource
O365 / M365
Manager (ARM)

(IaaS, PaaS, SaaS) (SaaS)

7
Azure Cloud Hierarchy
AAD Tenant

Management Group

Subscription

Resource Group

Resource
Google Cloud Working Model

n Cloud
atio
ntic Identity
e
u th
A
IdaaS

Google cloud Authentication Google workspace

(IaaS, PaaS, SaaS) (SaaS, IdaaS)

9
GCP Cloud Hierarchy

Organization Company

Shared
Dept X Dept Y Infrastructure

Folders
Team A Team B

Product 1 Product 2

Dev GCP Test GCP Production


Projects Project Project GCP Project

Resources Compute Engine App Engine Cloud Storage


Instances Services Buckets
Network Connectivity between Cloud & On-Premise

Cloud to Cloud Connectivity

AWS GCP
Azure

On-Premise to Cloud
& Cloud to On-Premise
Network Connectivity

Active Directory
On-Premise Environment

User/
Employee
11
Identity Federation from On-Premise to Cloud

portal.aws.com portal.azure.com console.cloud.google.com

AWS Azure GCP

3. IdP SAML Response


(Authentication) 3. IdP SAML Response
3. IdP SAML Response (Authentication)
(Authentication)

OKTA|Onelogin|AAD
User 2. User
Credential SSO
Authentication
External IdP

[Source Idp]

Active directory 1. DcSync with External Idp


(On-Premise)

Internal IdP
Hybrid Multi Cloud Environment Access

AWS Account AWS Account AWS Account

Assume Role (ARN) Assume Role(ARN)


Assume Role (ARN)

Primary
AWS account
AWS SSO User
Azure Subscription
Identity Sync Azure AD User

Identity Sync Identity Sync

Primary
User Azure Tenant Azure Subscription

Workspace or On-Premise AD User


GCP Organization [Email / Password]
Cloud Identity user

(Cross Project Access)


(Cross Subscription Access) Azure Subscription

GCP Project GCP Project GCP Project


Credentials in Hybrid Multi Cloud Environment

Credentials

Long Term Short Term


Credential Credential

Graphical User Interface Programmatic Interface Programmatic Interface


(GUI) (CLI/ SDK) (CLI/ SDK)

Username & Access Key


Service Principal Access Token
Password
Service Account
14
Module - 2 :
AWS Cloud Overview

15
AWS Cloud Architecture

Cloud Space
Compute

AWS Web Portal AWS Services

GUI Control Plane Storage

Data Plane

• IAM Username & Password • Long Term Key : Access Key ID & Secret
Web Client AWS CLI SDK/API • Short Term Key : Access Key ID & Secret & Token
• SSO Username & Password
End User
16
Identity and Access Management

IAM :
• AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources
securely.
• IAM allow you can create and manage AWS users and groups and use permissions to allow and deny their access to
AWS resources.

AWS IAM allows:


1. Manage IAM users, groups and their access.
2. Manage IAM roles and their permissions.
3. Manage federated users and their permissions.

17
IAM

Users Groups Roles AWS Services


Role Attached
Po to Services
licy Policy Attached d to
Att
ach to Groups ta che
t
ed l i c y A oles
to
U Po R
ser

Policy

Effect Actions Resources

Policy Contains Permissions


Policy Data :
1. Effect - Use to Allow or Deny Access
2. Action - Include a list of actions (Get, Put, Delete) that the policy allows or denies.
3. Resource - A list of resources to which the actions apply

19
Module - 3 :
Google Cloud Overview

20
Idaas

tion Cloud
t ica Identity
hen
t
Au

Authentication

Google workspace
Google Cloud Platform

(IAAS, PASS, SAAS) (SAAS, Idaas)


Organization Company

Shared
Dept X Dept Y Infrastructure

Folders
Team A Team B

Product 1 Product 2

Dev GCP Test GCP Production


Projects Project Project GCP Project

Resources Compute Engine App Engine Cloud Storage


Instances Services Buckets
GCP Cloud IAM
Organization

Role 1 Role 2

Permissions are inherited


Folder

e
rc
ou
Set Of Set Of

es
Permission 2

aR
Permission 1

On
ied
Project

pl
Ap
icy
l
Po
M
IA
Resource
Member 1 Member 2
Member 1

Role Binding Role Binding

Policy Resources
IAM Role Binding - Organization Level
24
Module - 4 :
Azure Cloud Overview

25
IdAAs

t ion Azure
Au
th
t ica AD
en
h en tic
at
t io
Au n

Azure Resource O365 / M365


Manager (ARM) (Office 365)

(IAAS, PAAS, SAAS) (SAAS)


Enterprise Global Azure Account

AAD Tenant

Management
Group

Subscription

Resource
Group

Resource

27
Role Based Access Control (RBAC)

• Azure RBAC is an authorization system built on Azure Resource Manager (ARM) that provides
fine-grained access management of Azure resources.

• Role Based Access Control [RBAC] Components -


• Role Assignment
■ Security principal
■ Scope
■ Roles Definition
Role Assignment Hierarchy

Permission Azure tenant


inherit
from top to
bottom
Group

User Management Management


Group Group

Service
Identify
Principal (Security Principal) Subscription Subscription Subscription

Mananged
Identify
Resource Group Resource Group Resource Group Resource Group

Role Definition
[Permissions] Resource Resource Resource Resource Resource
Role Assignment on Subscription Level 30
Thank You !
In case of any difficulties or queries, feel free to mail us at
[email protected]
● Follow us on :
LinkedIn: https://www.linkedin.com/company/cyberwarfare/
Twitter: https://twitter.com/cyberwarfarelab

● For More Information Visit :


Enterprise Red / Blue Team Lab : https://cyberwarfare.live
Red /Blue Team Blog: https://cyberwarfare.live/blog/

31
© CW Labs UK Pvt. Ltd.

You might also like