Pwned Cloud Society: Exploiting and Expanding Access within Azure & AWS

No ratings

Presented at BSidesSLC 2017 by

Bryce Kunz

With more companies rapidly leveraging cloud providers for services, how do we more effectively exploit and expand access within these cloud-based environments? This session will help you hit the ground running with your next security assessment by demonstrating common weakness and misconfigurations I have seen in real world AWS and Azure implementations. This includes leveraging undocumented features to expand access, pivoting from the compute layer to cloud management interfaces, and manipulating logging to cover your tracks. Never fear, I will also show you some of the latest techniques on how organizations can better secure information systems within Azure & AWS by leveraging both standard cloud hardening techniques as well as implementing some unique and unconventional detection techniques. Cloud: it's a privilege, not a right.