The adventures of the Aviata Cloud company continue in our SANS Cloud workshop series, which runs monthly from April through December 2024.
- All workshops are available on-demand the day after they go live. Simply register and complete the chapter at your convenience.
- Share the workshop storyline with other cloud security professionals - sans.org/ace135
- Explore the upcoming monthly workshop technical topics at sans.org/workshops
- Each workshop is independent of the others, so participate in one, some, or all!
- All necessary information regarding laptop setup, technical requirements, and participation in our workshop series can be found on the Aviata Cloud Website (https://www.aviata.cloud).
See earlier chapters and the intro below.
Chapter 6: Embracing the Future: Migrating to Azure Monitor Agent
The Aviata Cloud team faced a new challenge as Azure’s traditional log agents became deprecated, necessitating a shift to the Azure Monitor Agent (AMA). This migration would make their Ubuntu 20.04 and Windows 10 configurations obsolete, but it was crucial for ensuring seamless log collection and processing across their cloud and on-premises environments.
Captain KubeAce Maverick and Chief Architect Bessie Coleman knew that transitioning to the AMA was essential for maintaining their competitive edge. Architect Coleman outlined the path forward: “The AMA offers enhanced capabilities, including integration with Azure event hubs and storage. This migration is vital for our mission’s success.”
The team began by decommissioning outdated log agents, carefully planning the transition to avoid data loss. Challenges arose as some legacy systems resisted the change, but the engineers used their expertise to overcome these obstacles. Configuring the AMA to handle increased data flow and ensuring robust security were top priorities.
As the migration progressed, the team tested the new setup rigorously, simulating attack scenarios to ensure the AMA could handle real-world threats. The results were promising—the AMA provided the scalability and security needed for Aviata’s ambitious goals.
With the migration complete, Captain Maverick addressed the team. “We’ve successfully navigated this transition. Our logging setup is now more powerful, scalable, and secure. But we must continue to innovate to ensure the success of the Airborne io 24 mission.”
The team, confident in their new logging setup, was ready for the challenges ahead. They knew that with AMA in place, Aviata Cloud was better equipped than ever to protect their mission and push the boundaries of cloud security.
Join us in the next chapter as the Aviata Cloud team continues to explore the evolving landscape of cloud technology and resilience.
Register here for the Hands-On Workshop with Simon Vernon, Chapter 6: Embracing the Future: Migrating to Azure Monitor Agent, on Thursday, September 19 at 10:00 AM ET | 14:00 UTC.
Chapter 5: Centralizing Cross Cloud Security Events
Captain KubeAce Maverick and the Aviata team were still reeling from the recent Kubernetes attack that resulted in the theft of their valuable flight plan and pilot data. While the cloud team successfully tracked down the Baron Von Herrington crew member responsible for the breach, the incident exposed a critical design flaw: the Kubernetes network and audit logs were stored locally in the Aviata team’s AWS account, instead of being centrally monitored by the security operations team.
Recognizing the deficiency in their logging architecture, Captain Maverick decided it was time to bring in reinforcements. Enter Chief Architect Bessie Coleman, a renowned expert in cloud security architecture. Architect Coleman’s mission was clear: design a new logging strategy that would ensure the Aviata team’s Kubernetes audit logs were centrally monitored, enabling quick detection and containment of security events.
In a strategic meeting with the Aviata team, Architect Coleman outlined her plan. “We need to send our Kubernetes audit logs into the security operations team’s centralized Microsoft Sentinel workspace. This will allow us to have a unified view of security events and enhance our detection and response capabilities.”
The Aviata team was eager to begin, but they knew the road ahead required meticulous planning and execution. Permissions needed to be granted for the Microsoft Sentinel workspace to read the logs from their AWS account. Event triggers were essential to notify Sentinel when new data was available. Additionally, log transformation and loading were necessary to ensure that Sentinel could process the data effectively.
The team divided the tasks to streamline the process. One group focused on configuring AWS permissions, ensuring that Sentinel had the necessary access to read the Kubernetes audit logs. This involved setting up cross-account roles and policies to facilitate secure and efficient log transfer.
Another group worked on creating event triggers. They utilized AWS CloudWatch Events to monitor the log files and trigger notifications whenever new logs were generated. These triggers were critical for real-time alerting and ensuring that no security events went unnoticed.
Meanwhile, a third group concentrated on log transformation and loading. They developed scripts to convert the AWS log format into a structure compatible with Microsoft Sentinel. This step was vital for Sentinel to ingest and analyze the logs accurately, providing meaningful insights and alerts.
Throughout the process, Captain Maverick and Architect Coleman provided guidance and support. Their combined expertise ensured that the team adhered to best practices and avoided common pitfalls. They emphasized the importance of thorough testing at each stage to validate the configuration and ensure seamless integration.
As the new logging architecture took shape, the team felt a renewed sense of confidence. They knew that centralizing their logging and monitoring capabilities would significantly enhance their ability to detect and respond to security threats. It was a critical upgrade, one that fortified their defenses and brought them one step closer to securing the Airborne io 24 mission.
In the final stages, the team conducted extensive tests to simulate potential attack scenarios and validate their detection capabilities. They fine-tuned the configurations, ensuring that alerts were triggered accurately and timely. The results were promising, with the centralized logging setup proving to be robust and responsive.
With the new logging architecture in place, Captain Maverick addressed the team. “We’ve turned a vulnerability into a strength. Our centralized monitoring system is now a formidable defense against any threats that come our way. But remember, this is an ongoing battle. We must remain vigilant and continue to refine our strategies.”
The team nodded in agreement, ready to face whatever challenges lay ahead. They knew that with their enhanced logging and monitoring capabilities, they were better equipped to protect the mission and ensure the success of the Airborne io 24.
Join us in the next chapter as the Aviata Cloud team continues to innovate and strengthen their defenses. Stay tuned for more insights and hands-on workshops as we delve deeper into the world of cloud security and resilience.
Register Here for the Hands-On Workshop with Eric Johnson, "Chapter 5: Centralizing Cross Cloud Security Events," on Thursday, August 29 at 10:00am ET | 1400 UTC.
Chapter 4: Attack and Detect Kubernetes: Aerial Combat Training
The Aviata Cloud team, guided by the experienced Captain Maverick, had successfully deployed a Kubernetes infrastructure to manage the crucial applications for the Airborne io 24 aircraft. This infrastructure was pivotal for the aircraft’s mission of navigating the globe.
Despite their advancements, the team was aware of the looming threat posed by the nefarious Baron Von Herrington. They had received intelligence that the Baron was actively seeking skilled Kubernetes professionals to compromise their systems. This heightened the urgency for the team to fortify their defenses and be prepared for any potential breaches.
Determined to protect their mission-critical systems, the Aviata Cloud team knew they had to master the art of detecting and responding to Kubernetes attacks. Captain Maverick called for a critical training session to simulate attacks and sharpen their defensive skills.
Gathering the team, Maverick laid out the plan. "We’ve strengthened our infrastructure, but we must be vigilant and ready to defend against any threats. Today, we simulate attacks to test our detection and response capabilities."
The team first identified potential attack vectors that adversaries like Baron Von Herrington might use, such as exploiting container vulnerabilities or targeting Kubernetes APIs. Using an advanced penetration testing tool, they simulated these attacks, allowing the team to experience a range of scenarios.
As the simulated attacks commenced, the team monitored their Kubernetes environment and set up alerts for unusual activities. Maverick stressed the importance of audit logs in detecting anomalies. "These logs are crucial. They record every action within our cluster and help us identify any malicious activities."
When alerts indicated potential breaches, the team shifted to investigation mode, analyzing logs, tracing the attacker’s steps, and identifying compromised containers. Armed with this knowledge, the team swiftly moved to contain and eliminate the threat, patching, redeploying affected services, and tightening network policies to restrict unnecessary communication.
After the intense training session, the team gathered for a debrief. The exercise had been challenging but invaluable in preparing them for real-world threats. "This was just a rehearsal," Maverick reminded them. "We must stay vigilant and ready. Our mission’s success depends on our ability to respond quickly and effectively to any threat."
The team, now more confident and prepared, knew that the real test lay ahead. With Captain Maverick’s guidance, they felt ready to defend their mission from any digital threat.
Join us in the next chapter as the Aviata Cloud team continues to strengthen their defenses and prepare for the ultimate battle against Baron Von Herrington. Stay tuned for more insights and hands-on workshops as we delve deeper into the world of Kubernetes security and innovation.
Register here for the hands-on workshop with Shaun McCullough, "Chapter 4: Attack and Detect Kubernetes: Aerial Combat Training," on Thursday, July 25 at 10:00am ET | 1400 UTC.
Chapter 3: Wings of Innovation: Transitioning to Containerization
As Aviata faced the technological tempest of cloud innovation, the decision to harness Kubernetes was not merely a choice but a critical pivot toward future-proofing their digital architecture. Kubernetes, the helm of modern cloud orchestration, promised scalability and resilience; but it also brought with it an ocean of complexities, especially in securing its dynamic environments. This was a sea where many had sailed but few had mastered.
At this critical juncture, Aviata needed more than just a navigator; they needed a captain seasoned in the arts of Linux, networking, security, cloud, and of course, Kubernetes. Enter Captain KubeAce Maverick, a name that echoed through the corridors of cloud technology like a legend. With an illustrious career marked by his pioneering approaches and a stalwart reputation, Captain Maverick was the beacon Aviata sought to guide them through these cloudy waters.
Captain Maverick, recognizing the apprehensive yet eager faces of the Aviata team, began his mentorship with a simple yet profound declaration: "One cannot secure what they do not understand." This principle laid the foundation of their journey together. Under his guidance, Aviata's team embarked on an intensive crash course in Kubernetes, diving deep into its core principles, operational intricacies, and, most crucially, its security paradigms.
Each session with Captain Maverick was a revelation. He unraveled the complexities of Kubernetes with the ease of a master storyteller. From the fundamental architecture to advanced deployment strategies and rigorous security measures, no stone was left unturned. His teachings were not just theoretical musings but were punctuated with rigorous practical exercises, simulating real-world scenarios that Aviata would likely face.
As the days unfolded into nights, the team's understanding deepened. Kubernetes was no longer an enigmatic challenge but a powerful ally - understood, respected, and mastered. With each lesson, their confidence burgeoned, and their capabilities to secure Aviata’s Kubernetes infrastructure solidified. They learned to navigate its vast, scalable network, implement robust security protocols, and deploy services with precision—all essential skills for safeguarding Aviata’s ambitions in the cloud.
This chapter of their journey was more than just about technological adoption; it was about transformation. Captain Maverick did not just teach them about Kubernetes; he prepared them to face any storm that might arise in the ever-evolving cloud landscape.
Join us as the story unfolds, with Captain KubeAce Maverick and the Aviata team steering through the clouds of change, their sights set on the horizons of innovation and security. This was not just preparation for a challenge; it was a rallying cry to embrace the future, armed with knowledge and fortified by the wisdom of experience.
Register Here for the hands-on workshop with Ahmed Abugharbia, "Chapter 3: Wings of Innovation: Transitioning to Containerization," on Thursday, June 13 at 10:00 AM ET | 1400 UTC.
Chapter 2: Prevent Remote Code Execution with Private Endpoints
With the dawn of Aviata's historic flight looming, the requirement for their pilots to secure medical certifications added a layer of urgency to an already tight schedule. These certifications, vital for ensuring the pilots were fit for the unprecedented challenge ahead, needed a secure method of submission. The solution seemed straightforward—a simple web interface where pilots could upload their medical records to a central database, tucked safely within the digital walls of Aviata's technological infrastructure.
Opting for prudence, Aviata's cloud engineers built this system in a secluded section of their network, a Virtual Private Cloud (VPC) within AWS. This isolation was meant to be a fortress of solitude, preventing any rogue elements from reaching the broader internet. To facilitate the movement of files while maintaining this isolation, they established a private endpoint connecting directly to Amazon's Simple Storage Service (S3). Here, the data would remain entirely within the safe confines of AWS's internal network, a supposedly foolproof strategy.
However, the shadows cast by Baron Von Herrington and his crew loomed large and menacing. Ever resourceful, they identified a weak link in Aviata's armor. By injecting malware into a commonly used code package, which the Aviata team unwittingly incorporated into their file processing service, the Baron's crew set a digital trap. This malware, once activated, was designed to fetch additional malicious code from an external source. But with no direct internet access, how would this malware reach its insidious lifeline?
The answer lay within the very safeguards Aviata had put in place. Exploiting the private S3 endpoint, the malware used Aviata's legitimate access to download further payloads from a concealed S3 bucket controlled by Baron Von Herrington. This bucket, disguised within the maze of cloud storage, became a Trojan horse, unleashing havoc from within the confines of the isolated network.
Even more ingeniously, the malware leveraged the same private endpoint to exfiltrate sensitive data. It redirected the data to CloudTrail logs, which were then funneled back to the Baron's controlled bucket. What was designed as a fortress had become a conduit for espionage, all under the guise of internal traffic.
The challenge now is not just to identify the breach but to secure it without disrupting the vital processes that Aviata's mission depends on. Locking down the private endpoint to prevent interactions with unauthorized resources is crucial. The task is daunting—how does one safeguard a network that is both isolated yet connected, secure yet breached?
As Aviata stands on the brink of making history, they must navigate not only the skies but the complex web of cybersecurity. Can the network be sealed off in time, or will the Baron's digital saboteurs claim their victory not in the clouds, but in the silent, unseen realm of binary codes and malware? The saga continues, with high stakes and higher altitudes, where every digital footprint could either pave the way to triumph or to treachery.
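The lockdown the story calls for lives in the policy attached to the S3 gateway endpoint itself. By default that policy allows any principal to reach any bucket through the endpoint, which is exactly the path the Baron's bucket rode in on. The policy below is an added example, not workshop material; the bucket name and the account ID 111122223333 are constructed placeholders. Because an endpoint policy is implicit-deny, only the actions and buckets listed here are reachable from inside the VPC, and the two account conditions block both foreign callers and foreign buckets.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "OnlyAviataBucketsFromAviataPrincipals",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::EXAMPLE-aviata-medical-records",
        "arn:aws:s3:::EXAMPLE-aviata-medical-records/*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:PrincipalAccount": "111122223333",
          "aws:ResourceAccount": "111122223333"
        }
      }
    }
  ]
}
```

Instances that pull Amazon Linux packages or SSM agent updates from AWS-owned S3 buckets will need a separate Allow statement for those buckets, since the account condition excludes them. CloudTrail delivers logs from the service side rather than through the endpoint, so the trail's destination bucket has to be checked on its own.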
Register Here for the hands-on workshop with Brandon Evans, "Chapter 2: Prevent Remote Code Execution with Private Endpoints," on Thursday, May 16 at 10:00 AM ET | 1400 UTC.
Chapter 1: Making Mistakes Publicly: Cloud Edition
The journey of the ‘Airborne io 24’, an epic quest to etch Aviata Cloud's name into the annals of aviation history, begins not in the skies, but on the digital canvas of the internet. Aviata, in its bid for transparency and engagement, had launched a comprehensive online portal—https://aviata.cloud. This digital beacon, coupled with a specialized subsite, aviata.tracking.aviata.cloud, served as the digital twin of the ‘Airborne io 24’, meticulously mapping its intended path across the globe and announcing future landing sites. It was a treasure trove of data, a navigator's dream, and, unwittingly, a saboteur's paradise.
Unbeknownst to Aviata, within the binary undercurrents of their digital presence lay vulnerabilities—unprotected avenues and digital fissures that whispered secrets of the hosting account and platform. Information, seemingly benign, yet potent in the hands of a skilled adversary. Enter Baron Von Herrington and his crew, shadows cast long in the world of aeronautical rivalry. Driven by ambition and the allure of defeating Aviata, they turned their gaze towards these digital vulnerabilities, plotting to exploit them to their advantage.
The stage was set for a clash not of titans, but of intellects, as the Baron's crew embarked on a digital voyage, navigating through codes and firewalls in search of the Achilles' heel that would allow them to siphon off the precious data Aviata so proudly displayed. Their objective was clear: to gather sensitive information, disrupt the Airborne io 24's meticulously planned journey, and claim the glory for themselves.
As the digital siege unfolds, questions hang in the balance. What secrets will Baron Von Herrington uncover in the depths of Aviata's digital fortress? Will the breach go unnoticed, or will Aviata's team, with eyes set on the skies, discern the shadow creeping within their digital walls? The answers lie in the unfolding digital drama, a prelude to the aerial odyssey that awaits.
The challenge is set not just for Aviata and Baron Von Herrington, but for you, dear reader. As the narrative weaves through the realms of technology and adventure, your insights into cybersecurity, strategy, and the human element of competition become pivotal. Will you aid in the defense, or will you plot with the Baron, navigating the murky waters of digital espionage to tilt the scales in this high-stakes game of sky-bound ambition?
The adventure begins, not with a roar of engines, but with the silent hum of servers, a reminder that in the modern age, battles are fought on many fronts. Welcome to Chapter 1 of an epic saga, where the sky is not the only limit.
Register Here for the hands-on workshop with Moses Frost, "Chapter 1: Making Mistakes Publicly, Cloud Edition," on Tuesday, April 16 at 10:00am ET | 1400 UTC.
In an age where the sky is not just a frontier but a canvas for the ambitious, Aviata Cloud embarked on a journey unlike any before—a double circumnavigation of the globe, setting out to etch their names in the annals of aviation history. This wasn't merely a test of endurance but a ballet of technology and strategy, as they introduced the world to their marvel, the 'Airborne io 24'. This aircraft, a vessel of dreams powered by ingenuity rather than fossil fuels, required a symbiosis of human courage and artificial intelligence to navigate the Earth's vast expanse not once, but twice.
However, in the shadows lurked Baron Von Herrington and Co., their ambition tainted by the dark hues of unethical competition. The race for glory was marred by deception, with the barons of the sky resorting to sabotage: false weather forecasts intended to mislead, cyber intrusions designed to confuse, and drones deployed to hinder. Yet, it was in these trials that the spirit of Aviata Cloud shone the brightest.
Undaunted by the treachery, the team, led by a pilot of unmatched skill and an AI co-pilot/engineer of revolutionary intelligence, charted their course. Each attempt to lead them astray only sharpened their focus, each challenge a stepping stone to greater resilience. The false storms broke against their resolve, the hackers' traps disarmed by their vigilance, and the drone swarms outmaneuvered with graceful precision.
As the world watched, captivated by this epic saga, Aviata Cloud's journey transcended the mere physicality of their flight. It became a testament to the power of human and artificial intelligence collaboration, a beacon of integrity in the face of adversity. This wasn't just a race to circle the globe but a narrative of overcoming, a story of how, amidst the clouds, the true essence of courage, innovation, and honor unfolded, setting not just a record, but a legacy.