AWS Root Key


A legacy SVN server is found to be exposed on the internet Review of the source code identifies a number of secrets:

  • Usernames and passwords of production DBs and Servers
  • AWS key Upon review, the AWS key is active and has root privileges

Objective: Understand and contain issue(s) without any pushes to production

  • You can use any technology you want (ideally ones you have experience with) and any Group Security team size
  • Describe what you would do and how you would act (ideally in diagram format)
  • Who would you talk to?
  • What actions would you take to contain and remediate the issue(s)?

Resources and Technologies available:

  • Techops, Webops, and Dev teams
  • Slack, Jira, Confluence, ELK, Grafana, Nagios, Akamai, AWS, Cisco Firewalls, Landeks, and DarkTrace

Back to all challenges

About us

Photobox Group is Europe’s leading digital consumer service for personalised products and gifts and parent of the Photobox, Moonpig, Hofmann and posterXXL brands.

Creative Commons License

© 2018, Photobox Group Security. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Contact

Photobox Group Security
Unit 7, Metal Box Factory
30 Great Guildford Street
London
SE1 0HS
England