Most AWS breaches aren't that deep.
Posted by 2xDefender@reddit | sysadmin | 9 comments
Not zero days, not advanced attacks. IAM wildcards, public S3 buckets, IMDSv1 still on, secrets sitting in Lambda env vars, same story every time. Misconfigs that just never got looked at. Anyone actually doing manual audits or just trusting Security Hub?
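The four misconfigurations the post lists can each be checked from the relevant API response, and a manual audit often comes down to exactly these checks. This is an added example, not code from the post: the inputs are constructed samples shaped like the responses of boto3's iam.get_policy_version, ec2.describe_instances, lambda.get_function_configuration and s3.get_public_access_block, and the secret-name regex is a heuristic of my own.

```python
import re

# Constructed sample inputs, shaped like the AWS API responses an auditor would
# pull with boto3 (iam.get_policy_version, ec2.describe_instances,
# lambda.get_function_configuration, s3.get_public_access_block). Values are made up.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadLogs", "Effect": "Allow", "Action": "logs:GetLogEvents", "Resource": "arn:aws:logs:*:*:*"},
    {"Sid": "Admin", "Effect": "Allow", "Action": ["s3:*", "iam:PassRole"], "Resource": "*"},
    {"Sid": "Deny", "Effect": "Deny", "Action": "*", "Resource": "*"}]}
INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0bbb", "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}}]}]}
LAMBDA_CFG = {"FunctionName": "billing", "Environment": {"Variables": {
    "LOG_LEVEL": "info", "DB_PASSWORD": "hunter2", "STRIPE_API_KEY": "sk_test_x"}}}
S3_PAB = {"PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": False, "RestrictPublicBuckets": True}}

SECRET_RE = re.compile(r"secret|passw|token|api_?key|private_?key", re.I)  # heuristic, assumption

def _as_list(v):
    return [v] if isinstance(v, str) else list(v or [])

def iam_wildcard_sids(policy):
    """Sids of Allow statements with a '*' or 'service:*' action, or a bare '*' resource."""
    stmts = policy["Statement"]
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [s.get("Sid", "<none>") for s in stmts if s.get("Effect") == "Allow" and (
        any(a == "*" or a.endswith(":*") for a in _as_list(s.get("Action")))
        or "*" in _as_list(s.get("Resource")))]

def imdsv1_instances(desc):
    """Instance IDs whose metadata endpoint still answers IMDSv1 (tokens not required)."""
    return [i["InstanceId"] for r in desc["Reservations"] for i in r["Instances"]
            if i["MetadataOptions"].get("HttpEndpoint") == "enabled"
            and i["MetadataOptions"].get("HttpTokens") != "required"]

def lambda_secret_env_keys(cfg):
    """Env var names that look like plaintext secrets (belong in Secrets Manager or SSM)."""
    return sorted(k for k in cfg.get("Environment", {}).get("Variables", {}) if SECRET_RE.search(k))

def s3_public_access_gaps(pab):
    """Public access block settings that are switched off for the bucket."""
    return sorted(k for k, v in pab["PublicAccessBlockConfiguration"].items() if not v)

if __name__ == "__main__":
    print("IAM wildcard statements:", iam_wildcard_sids(POLICY))
    print("IMDSv1 instances:", imdsv1_instances(INSTANCES))
    print("Lambda secret-looking env vars:", lambda_secret_env_keys(LAMBDA_CFG))
    print("S3 public access gaps:", s3_public_access_gaps(S3_PAB))
```

Each function returns the offending identifiers rather than a pass/fail flag, so the output can be fed into whatever ticketing or closure-tracking process owns the remediation.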
Express-Pack-6736@reddit
You're spot on. Security Hub catches maybe 30% of the obvious stuff but misses context completely. We work with orca for agentless scanning, finds secrets in Lambda env vars, maps IAM wildcards to attack paths, flags IMDSv1 instances. Takes like 20 minutes to connect an account and suddenly you see everything that's exploitable
ColdPlankton9273@reddit
'just never got looked at' - YUP. Security Hub shows the finding. CloudTrail logs the event. The problem is that nobody owns the closure loop between 'finding exists' and 'human confirmed it was fixed.' The audit runs, the dashboard turns green, but nobody verified whether the remediation actually propagated to the team that needed to act on it.
cnrdvdsmt@reddit
Security Hub catches the obvious stuff but misses context completely. We had 3000+ findings that looked scary until we mapped what was reachable. Turned out 90% were noise like vulnerabilities on instances with no internet access or overprivileged roles that couldn't touch anything sensitive. Started using Orca for the attack path analysis and it cut our backlog to like 200 issues. Manual audits are dead, you need something that understands relationships between your assets
glitch841@reddit
Totally normal. Developers often don't think beyond hitting their milestones, and security, support and infrastructure are all someone else's problem.
Security more often than not is an afterthought, and without having to be compliant with some law/regulation it can be an uphill battle with management.
2xDefender@reddit (OP)
Feels like it’s more neglect than anything most of the time.
glitch841@reddit
This too.
LinusParkourTips@reddit
Whatever you're selling I'm not interested
Afraid-Donke420@reddit
Welcome to cybersecurity
2xDefender@reddit (OP)
That's been my experience so far. What do you usually see?