AWS HoneyKeys — Fast and reliable way to detect intrusions on servers
Hackers love AWS keys: they give access to an entire cloud. They are the most valuable treasure that an attacker could find inside a compromised server.
In this post I will show how we can use fake access keys to detect compromised instances in our production environment.
Scope
We will talk about how to detect intruders on systems early, with real-time alerts. We won’t discuss mitigations or protections to prevent this kind of attack.
Before we get to the proposed solution, we will go over some concepts related to security.
My servers have never been hacked…
Yes? 100% sure?
Even if a system is considered secure, it is always feasible for it to be hacked, and in most cases it has probably been attacked without you ever noticing.
Hackers are experts at infiltrating systems, whether cloud instances, personal computers, smartphones, etc. Gaining access to the system is just the first step of the attack; in most cases, the next step is…