
mcdwayne | 2 years ago

Basically, rotate as soon as you can* and start looking through your AWS logs and settings to see if any services you don't recognize have been spun up. If you think you have been attacked or see stuff you did not spin up, contact AWS support ASAP!

*Do NOT just revoke keys if they are in a production system that other people are working in or depending on. Talk to your team and figure out what the remediation process is internally and follow that! If you are working by yourself and no one is relying on services this key is associated with, then yeah, just revoke and replace ASAP.

Here are a couple blogs that cover what you are looking for as well:
https://blog.gitguardian.com/leaking-secrets-on-github-what-...
https://blog.gitguardian.com/thinking-like-a-hacker-aws-keys...
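
Added example, not part of the comment above: one way to do the "look through your AWS logs" step is to filter a CloudTrail log file for state-changing calls made with the exposed key and group them by region and source IP. The log records are constructed, the key ID is AWS's documentation placeholder, and the function names are hypothetical.

```python
import json
from collections import defaultdict

# Placeholder key ID from AWS documentation; substitute the exposed key's ID.
EXPOSED_KEY_ID = "AKIAIOSFODNN7EXAMPLE"

# Constructed CloudTrail records (same field names as a real log file).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2023-04-06T03:05:00Z", "eventName": "DescribeInstances",
     "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "readOnly": True, "userIdentity": {"accessKeyId": EXPOSED_KEY_ID}},
    {"eventTime": "2023-04-06T03:12:00Z", "eventName": "RunInstances",
     "awsRegion": "ap-southeast-1", "sourceIPAddress": "203.0.113.50",
     "readOnly": False, "userIdentity": {"accessKeyId": EXPOSED_KEY_ID}},
    {"eventTime": "2023-04-06T03:10:00Z", "eventName": "CreateAccessKey",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.50",
     "readOnly": False, "userIdentity": {"accessKeyId": EXPOSED_KEY_ID}},
    {"eventTime": "2023-04-06T03:11:00Z", "eventName": "PutObject",
     "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "readOnly": False, "userIdentity": {"accessKeyId": "AKIAI44QH8DHBEXAMPLE"}},
]})

def mutating_events_for_key(log_text, access_key_id):
    """Return state-changing events made with the given key, oldest first."""
    hits = []
    for rec in json.loads(log_text).get("Records", []):
        identity = rec.get("userIdentity") or {}
        if identity.get("accessKeyId") != access_key_id:
            continue
        # readOnly is a boolean in log files; tolerate the string form too.
        if rec.get("readOnly") in (True, "true"):
            continue
        hits.append(rec)
    return sorted(hits, key=lambda r: r["eventTime"])

def summarize(events):
    """Group event names by (region, source IP) so unfamiliar activity stands out."""
    summary = defaultdict(list)
    for ev in events:
        summary[(ev["awsRegion"], ev["sourceIPAddress"])].append(ev["eventName"])
    return dict(summary)

if __name__ == "__main__":
    for where, names in summarize(
            mutating_events_for_key(SAMPLE_LOG, EXPOSED_KEY_ID)).items():
        print(where, names)
```

A `CreateAccessKey` call made with the exposed key means rotating that one key is not enough; the newly created key needs the same review.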
