Patrolaroid is an instant camera for capturing cloud workload risks. It’s a prod-friendly scanner that makes finding security issues in AWS instances and buckets less annoying and disruptive for software engineers and cloud admins.
Patrolaroid scans production infrastructure from a safe distance rather than within production, so you don’t have to install an agent, run code, or perform other invasive infosec rituals to use it.
Patrolaroid snapshots AWS instances and buckets to uncover malware, backdoors, cryptominers, toolkits, and other attacker tomfoolery that you probably don’t want in your prod. Software engineers, security engineers, and cloud administrators only need familiarity with YARA and the AWS Management Console to use it.
Patrolaroid does not require running an agent or code in prod, only needs read-only access to cloud assets, and generally avoids the myriad stability and performance sins of security tools.
Most commercial “cloud security” scanners that aim to detect malware in cloud workloads ironically operate pretty similarly to malware. Their mode of operation is:
This results in the security agent stealing compute cycles and I/O from the host it’s scanning, which is veritably unstonkly – as is the chance that prod is borked if the agent screws up.
Patrolaroid avoids these problems by scanning prod instances and buckets for security problems while staying safely out of prod. After the engineer or admin identifies the AWS account containing the resources they want to scan, Patrolaroid then:
In short, Patrolaroid provides "point-and-shoot" malware scanning of AWS assets without the malware-like tactics of existing “cloud security” tools.
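The out-of-band approach described above can be illustrated with a small scanner. This is an added example, not Patrolaroid's code: it assumes a copy of a workload's filesystem is already mounted read-only on the scanner host, and it uses constructed byte-pattern signatures as a stand-in for YARA rules. The names `scan_tree`, `match_rules` and `demo`, and all sample paths and contents, are hypothetical.

```python
import os
import stat
import tempfile

# Constructed stand-ins for YARA rules: rule name -> byte strings that must all be present.
SIGNATURES = {
    "miner_stratum_config": [b"stratum+tcp://", b"\"pass\""],
    "demo_marker": [b"CONSTRUCTED-TEST-MARKER"],
}
MAX_BYTES = 8 * 1024 * 1024  # cap bytes read per file so one huge file cannot stall the scan

def match_rules(data):
    """Return sorted names of signatures whose patterns all occur in data."""
    return sorted(n for n, pats in SIGNATURES.items() if all(p in data for p in pats))

def scan_tree(root):
    """Walk a mounted snapshot copy; return {relative_path: [rule names]}.
    Nothing is executed, and symlinks are never followed: an absolute link
    inside the snapshot would resolve against the scanner host's own files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if not stat.S_ISREG(os.lstat(path).st_mode):
                    continue  # skip symlinks, devices, FIFOs, sockets
                fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
                with os.fdopen(fd, "rb") as fh:
                    hits = match_rules(fh.read(MAX_BYTES))
            except OSError:
                continue  # unreadable or raced entries are skipped, not fatal
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings

def demo():
    """Build a constructed 'snapshot' tree plus a host file outside it, then scan."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "mnt")
        os.makedirs(os.path.join(root, "tmp"))
        outside = os.path.join(base, "host_file")  # lives outside the snapshot tree
        with open(outside, "wb") as fh:
            fh.write(b"CONSTRUCTED-TEST-MARKER")
        with open(os.path.join(root, "tmp", "cfg.json"), "wb") as fh:
            fh.write(b'{"url": "stratum+tcp://pool.example:3333", "pass": "x"}')
        os.symlink(outside, os.path.join(root, "tmp", "link"))  # must not be followed
        return scan_tree(root)
```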
All you need is an AWS account and the ability to create an AWS role and EC2 instance to get Patrolaroid up and running. Getting started involves creating a dedicated EC2 instance for Patrolaroid in the same AWS account and availability zones as the assets you want to scan.
☁️ Make sure to use the account and availability zone you want to scan to create the role ☁️
☁️ Make sure you’re still logged into the account you want to scan before proceeding ☁️
Install curl by running the command:
sudo apt-get install curl
Ensure you are connected to your dedicated EC2 instance and then download Patrolaroid to it by running:
curl -L https://github.com/rpetrich/patrolaroid/releases/download/v0.3/patrolaroid.tar.gz | tar xz
Start scanning by running Patrolaroid via
Enjoy your ☁️ 🔒 📷 🖤