SkyArk is a cloud security project with two main scanning modules:>
These two scanning modules will discover the most privileged entities in the target AWS and Azure. The module provides new valuable insights from cloud trail logs. Security teams can use the results file to investigate sensitive actions, discover the entities that look those action and reveal additional valuable details on each executed and logged actions.
SkyArk is focusing on mitigating the new threat of cloud shadow admins, and help the organizations to discover, assess and protect cloud privileged entities. Stealthy and undercover admins may reside in every public cloud platform and SkyArk helps mitigating the risk in AWS and Azure.
SkyArk deals with the new uprising threat of cloud shadow admins how attackers find and abuse non-trivial and so called limited permissions to still make it through and escalate their privileges and become full cloud admins. Furthermore attackers can easily use those tricky specific permissions to hide stealthy admin entities that will wait them as undercover persistence technique. SkyArk was initially published as a part of research on the threat of AWS shadow admins, this research was presented at RSA USA 2018 conference.
SkyArk currently contain two main scanning module Azure stealth and AWS stealth. With the scanning results organizations can discover the entities that have more sensitive and risky permissions. Potential attackers are hunting for those and defensive teams should make sure this privileged users are well secured have strong, rotated and safety store credentials, being monitored carefully, etc. Remember that we cannot protect the things we don’t aware of and SkyArk helps in complex mission of discovering the most privileged cloud entities including the straight forward admins and also the stealthy shadow admins that could easily escalate their privileges and become full admin as well as.
Azure stealth is a PowerShell script that uses free Azure’s PowerShell modules, it requires PowerShell version 5.1+.
(-)Scan-Azure admins -UseC
(-)Scan-Azure admins -GetP
SkyArk runs in PowerShell and uses free AWS PowerShell Module, you can download AWS tools for Windows PowerShell in advance:
Open the PowerShell SkyArk folder with running script permissions.
Download the SkyArk Tool: https://github.com/cyberark/SkyArk
The recent pandemic was unexpected and unknown to most part of the world. It has changed our life and we are slowly adapting to our new lifestyle. The risks associated with the new lifestyle, both personal & corporate, are unknown to most of us.Read Details