Through the Looking Glass

<h1>Introduction</h1> <p>AWS traffic mirroring is a feature <a href="https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring/" rel="noopener ugc nofollow" target="_blank">introduced by Amazon Web Services (AWS) on June 25th, 2019</a>. After the release, Mike LoSapio of <a href="https://medium.com/u/1529195d9f13?source=post_page-----f539ae308512--------------------------------" rel="noopener" target="_blank">Palantir</a> identified that it might pose a risk, and suggested that I research the feature as part of the partnership between our two companies. Huge thanks to him and the entire team at Palantir for being an inspiration for this post, and overall excellent people.</p> <p>In this post I am going to provide details on how this new feature works, legitimate use cases, and possible avenues of abuse.</p> <blockquote> <p><strong><em>Two years later, after further research on this topic, the likelihood of this being used in an attack is incredibly low. I am leaving the post up as a technical resource for the feature.</em></strong></p> </blockquote> <p>This post assumes that the reader has an introductory level of knowledge regarding AWS, but I have linked each new AWS term I introduce to the relevant documentation, just in case.</p> <h2>AWS feature announcements</h2> <p>When cloud-sourcing capability, administrators lose some level of control over their environment. New features and abilities may be rolled out without warning or permission, so it is important to stay on top of new releases and updates to enhance the security posture of the cloud-sourced environment. The official <a href="https://aws.amazon.com/blogs/" rel="noopener ugc nofollow" target="_blank">AWS blog</a> is an excellent resource for announcements regarding new features that may introduce attack paths to your organization, and should be monitored by anyone who is responsible for the security of an AWS environment. 
The <a href="https://twitter.com/awscloud" rel="noopener ugc nofollow" target="_blank">AWS Twitter account</a> posts similar announcements, as do many industry experts who monitor cloud feature releases.</p> <p><a href="https://posts.specterops.io/through-the-looking-glass-part-1-f539ae308512"><strong>Read More</strong></a></p>