he keeps saying Amit or Ahmet (my name) and I'm not sure why 😄
@dennisasilvabr1 a month ago
Welcome to fwd:cloudsec Europe - 10:18
How to 10X Your Cloud Security (Without the Series D) - 27:15
Cloud-Conscious Tactics, Techniques, and Procedures (TTPs) - 1:19:17
Hidden in Plain Sight: (Ab)using Entra's AUs - 2:06:25
Service Agents and the Search for Transitive Access in GCP - 2:33:10
Doing bad things for the right reasons: A look at the AWS vulnerability disclosure and remediation process - 3:01:36
Staying Sneaky in Microsoft Azure - 4:41:23
Kubernetes Audit Log Gotchas - 5:11:58
Who Watches the Watchmen? Stealing Credentials from Policy-as-Code Engines (and beyond) - 5:56:24
Hidden Among the Clouds: A Look at Undocumented AWS APIs - 6:25:27
GCP and AWS identity federation - lessons learned from the field as well as cross-cloud forensics and incident response - 7:11:08
Build Your Own CloudTrail - 7:40:23
@spideytech9403 a month ago
will do research on aws !
@kevinhock1041 3 months ago
14:49 is a great idea
@kevinhock1041 3 months ago
Hmm, wish there was a list of permission-only actions..
@kevinhock1041 3 months ago
re: 6:05 , i found SourceInstanceARN more useful, fwiw (since i didn't have a reliable suffix on all ec2 iam roles) The “Null” operator on the ec2:SourceInstanceARN condition key is designed to ensure that this policy only applies to EC2 instance roles, and not roles used for other purposes,
@bogdangaliceanu6326 3 months ago
this is beautiful
@joeyjojojojojojojojojojojojojo 3 months ago
Telling everyone that they belong was the most wonderful song
@simple-Earthling 3 months ago
The only talk that actually gives some semblance of examples for containment strategy. Thanks for useful insights.
@donatocapitella 3 months ago
great talk guys!
@seek_zero 3 months ago
Great insights!!
@chuangwang4954 3 months ago
Does Okta store the plaintext of the password or the hash of a password? Most likely it stores the hash of the password. If that is the case, how do you steal the plaintext of the password?
@peteuplink 3 months ago
Reminds me a bit of Tom Lehrer 😄
@loremipsum685 3 months ago
Move over Bo Burnham! This is so fun!
@TekDefense 4 months ago
A couple items I wanted to clarify. This attacker is opportunistic in the tooling they use, not in the targeting. Also, I apologize for the BINGO madness, it seemed like a much better idea the night before :)
@patrickkabongo1317 4 months ago
Thank you for the insights Meg!
@awssecuritylabs 4 months ago
Why can't we just use aws:SourceVpc
@dadin22 4 months ago
Fascinating
@kumarbiswasamparkkhatai8512 4 months ago
Thanks for the info 👍 🎉.
@kadkoda 4 months ago
Great session!
@coreyspeedmode9287 4 months ago
No way! Love this guy
@HoustonHopkins 4 months ago
such fun research! I love the new take on traditional takeover/squat and log research.
@ronvalensi 4 months ago
Great session!
@-.-._ 6 months ago
how to create a profile? the project's documentation lacks a lot
@ntcgtech1153 10 months ago
This is amazing. Upon running the cmdlet - Set-AADIntAzureADObject -SourceAnchor $cloudAnchor -onPremisesSamAccountName $targetSAM -onPremiseSecurityIdentifier $b64_sid - it throws an error: "This version of the Identity synchronization tool is not supported. You may be running an older version of the Identity synchronization tool. Make sure you are running the latest version. You can obtain the latest version by downloading it from the Identity synchronization page in your Admin Portal. If the error persists, contact Technical Support." Could you help me with this?
@zoph 11 months ago
Awesome dude.
@tanmoypaul1362 a year ago
Hello! Is there a link to access the evaluation matrix that is shown on the slides?
@usmannawaz1447 a year ago
Good to see you guys 👌
@AndrewCarrter a year ago
Let's go scott xD
@jonathanrault2612 a year ago
Great talk, and really like to be able to hear the questions of the crowd
@seek_zero a year ago
00:11:50 - Pivoting Clouds in AWS Organizations
01:01:08 - AWS Identity Center - Extending Cloudsplaining to score Users & Permission sets risks
01:30:21 - Helping developers drink from a champagne flute and not a firehose when it comes to cloud security
02:01:51 - IYKYK: Negotiating the Scope of Security Audits (Even if You DREAD Compliance)
03:10:22 - Stop the Bulldozers: Hardening the AWS CDK deployment process
03:41:13 - Unmasking the Subnet: Lookalike IP Ranges in Cloud Environments
04:41:02 - Swimming with the Sharks. IR Kubed.
@seek_zero a year ago
00:20:55 - [Low volume in initial part] - The Good, the Bad, and the Vulnerable: A comprehensive overview of vulnerabilities in cloud environments
00:52:27 - IMDS: The Gatekeeper to Your Cloud Castles (And How to Keep the Dragons Out)
01:40:10 - Vulnerabilities and Misconfigurations in GitHub Actions
02:10:08 - Google Cloud Threat Detection: A Study in Google Cloud
04:03:15 - A Year of NO: building organizational IAM guardrail policies that work
04:29:58 - From ‘huh?’ to privilege escalation: finding vulnerabilities from a bug in the AWS console
05:00:04 - gVisor: The Future of Container Security
06:20:10 - Passing The Security Burden - How To See The Unforeseen
06:50:45 - Scanning the internet for external cloud exposures
07:22:48 - Operationalizing GCP’s Asset Inventory for Cloud Enlightenment
@armaanKhan-cu9uk a year ago
Thank you @fwd:cloudsec. I cannot afford the whole conference, but I would love to buy you guys coffee/beer, cheers. Thank you for your contribution and enlightenment. I loved the training idea. Additionally, if you guys had a service to provide support or expertise on demand. Expertise as a service, charged by the hour. That would be so helpful to businesses that cannot afford a full-time person.
@seek_zero a year ago
00:37:15 - Beyond the AWS Security Maturity Roadmap
01:06:23 - Success Criteria for your CSPM
01:57:47 - The Unholy Marriage of AWS IAM Roles and Instance Profiles
02:25:30 - Evading Logging in the Cloud: Disrupting and Bypassing AWS CloudTrail
04:18:10 - The Ins and Outs of Building an AWS Data Perimeter
04:45:44 - How do you set boundaries? i.e AWS Permissions boundaries in large cloud environments
05:01:13 - [Seems Half Recorded] Patterns in S3 Data Access: Protecting and enhancing access to data banks, lakes, and bases
06:12:40 - AWS Presigned URLs: The Good, The Bad, and The Ugly
06:42:24 - It's Just a Name, Right?
07:12:05 - Trusted You: A Demonstrated Abuse of Cloud Kerberos Trust
@seek_zero a year ago
00:14:00 - How Citi advanced their containment capabilities through automation
01:04:24 - Tales From the Sewer: A plumber’s view of building a data security platform
01:33:25 - CloudFox + CloudFoxable: A Powerful Duo for Mastering the Art of Identifying and Exploiting AWS Attack Paths
02:03:35 - Billions Served: Processing Security Event Logs with the AWS Serverless Stack
03:14:10 - Rolling out AWS Infrastructure Everywhere with Space Ships
@thiagoeh a year ago
14:40 Welcome
04:17:13 Building an AWS Data Perimeter
@Crazy_Cranberry a year ago
First presenter killed it
@rmat007 a year ago
Cool tool
@kevinhock1041 2 years ago
Great talk dpopes et al!
@kevinhock1041 2 years ago
Great talk max!
@clemiboi 2 years ago
Well presented, thank you.
@lingxiankong4791 2 years ago
Really like this presentation, thanks!
@Zubi_zoobster 2 years ago
Best explanation and use cases I've seen on VPC service controls and within 20 minutes 👏