Comments
@JessicaSwisher-e4n 25 days ago
Ondricka Place
@ahmxtb 27 days ago
he keeps saying Amit or Ahmet (my name) and I'm not sure why 😄
@dennisasilvabr1 1 month ago
Welcome to fwd:cloudsec Europe - 10:18
How to 10X Your Cloud Security (Without the Series D) - 27:15
Cloud-Conscious Tactics, Techniques, and Procedures (TTPs) - 1:19:17
Hidden in Plain Sight: (Ab)using Entra's AUs - 2:06:25
Service Agents and the Search for Transitive Access in GCP - 2:33:10
Doing bad things for the right reasons: A look at the AWS vulnerability disclosure and remediation process - 3:01:36
Staying Sneaky in Microsoft Azure - 4:41:23
Kubernetes Audit Log Gotchas - 5:11:58
Who Watches the Watchmen? Stealing Credentials from Policy-as-Code Engines (and beyond) - 5:56:24
Hidden Among the Clouds: A Look at Undocumented AWS APIs - 6:25:27
GCP and AWS identity federation - lessons learned from the field as well as cross-cloud forensics and incident response - 7:11:08
Build Your Own CloudTrail - 7:40:23
@spideytech9403 1 month ago
will do research on aws!
@kevinhock1041 3 months ago
14:49 is a great idea
@kevinhock1041 3 months ago
Hmm, wish there was a list of permission-only actions..
@kevinhock1041 3 months ago
Re: 6:05, I found SourceInstanceARN more useful, fwiw (since I didn't have a reliable suffix on all ec2 iam roles). The “Null” operator on the ec2:SourceInstanceARN condition key is designed to ensure that this policy only applies to EC2 instance roles, and not roles used for other purposes,
@bogdangaliceanu6326 3 months ago
this is beautiful
@joeyjojojojojojojojojojojojojo 3 months ago
Telling everyone that they belong was the most wonderful song
@simple-Earthling 3 months ago
The only talk that actually gives some semblance of examples for containment strategy. Thanks for useful insights.
@donatocapitella 3 months ago
great talk guys!
@seek_zero 3 months ago
Great insights!!
@chuangwang4954 3 months ago
Does Okta store the plaintext of the password or the hash of a password? Most likely it stores the hash of the password; if that is the case, how to steal the plaintext of the password?
@peteuplink 3 months ago
Reminds me a bit of Tom Lehrer 😄
@loremipsum685 3 months ago
Move over Bo Burnham! This is so fun!
@TekDefense 4 months ago
A couple items I wanted to clarify. This attacker is opportunistic in the tooling they use, not in the targeting. Also, I apologize for the BINGO madness, it seemed like a much better idea the night before :)
@patrickkabongo1317 4 months ago
Thank you for the insights Meg!
@awssecuritylabs 4 months ago
Why can't we just use aws:SourceVpc?
@dadin22 4 months ago
Fascinating
@kumarbiswasamparkkhatai8512 4 months ago
Thanks for the info 👍 🎉.
@kadkoda 4 months ago
Great session!
@coreyspeedmode9287 4 months ago
No way! Love this guy
@HoustonHopkins 4 months ago
such fun research! I love the new take on traditional takeover/squat and log research.
@ronvalensi 4 months ago
Great session!
@-.-._ 6 months ago
How to create a profile? The project's documentation lacks a lot
@ntcgtech1153 10 months ago
This is amazing, upon running the cmdlet - Set-AADIntAzureADObject -SourceAnchor $cloudAnchor -onPremisesSamAccountName $targetSAM -onPremiseSecurityIdentifier $b64_sid it throws an error: This version of the Identity synchronization tool is not supported. You may be running an older version of the Identity synchronization tool. Make sure you are running the latest version. You can obtain the latest version by downloading it from the Identity synchronization page in your Admin Portal. If the error persists, contact Technical Support. Could you help me with this?
@zoph 11 months ago
Awesome dude.
@ellislr7731 1 year ago
💞 "promo sm"
@tanmoypaul1362 1 year ago
Hello! Is there a link to access the evaluation matrix that is shown on the slides?
@usmannawaz1447 1 year ago
Good to see you guys 👌
@AndrewCarrter 1 year ago
Let's go scott xD
@jonathanrault2612 1 year ago
Great talk, and really like to be able to hear the questions of the crowd
@seek_zero 1 year ago
00:11:50 - Pivoting Clouds in AWS Organizations
01:01:08 - AWS Identity Center - Extending Cloudsplaining to score Users & Permission sets risks
01:30:21 - Helping developers drink from a champagne flute and not a firehose when it comes to cloud security
02:01:51 - IYKYK: Negotiating the Scope of Security Audits (Even if You DREAD Compliance)
03:10:22 - Stop the Bulldozers: Hardening the AWS CDK deployment process
03:41:13 - Unmasking the Subnet: Lookalike IP Ranges in Cloud Environments
04:41:02 - Swimming with the Sharks. IR Kubed.
@seek_zero 1 year ago
00:20:55 - [Low volume in initial part] - The Good, the Bad, and the Vulnerable: A comprehensive overview of vulnerabilities in cloud environments
00:52:27 - IMDS: The Gatekeeper to Your Cloud Castles (And How to Keep the Dragons Out)
01:40:10 - Vulnerabilities and Misconfigurations in GitHub Actions
02:10:08 - Google Cloud Threat Detection: A Study in Google Cloud
04:03:15 - A Year of NO: building organizational IAM guardrail policies that work
04:29:58 - From ‘huh?’ to privilege escalation: finding vulnerabilities from a bug in the AWS console
05:00:04 - gVisor: The Future of Container Security
06:20:10 - Passing The Security Burden - How To See The Unforeseen
06:50:45 - Scanning the internet for external cloud exposures
07:22:48 - Operationalizing GCP’s Asset Inventory for Cloud Enlightenment
@armaanKhan-cu9uk 1 year ago
Thank you @fwd:cloudsec I cannot afford the whole conference, but I would love to buy you guys coffee/beer, cheers. Thank you for your contribution and enlightenment. I loved the training idea. Additionally, if you guys had a service to provide support or expertise on demand. Expertise as a service and charge by the hour. That will be so helpful to businesses that cannot afford a full-time person.
@seek_zero 1 year ago
00:37:15 - Beyond the AWS Security Maturity Roadmap
01:06:23 - Success Criteria for your CSPM
01:57:47 - The Unholy Marriage of AWS IAM Roles and Instance Profiles
02:25:30 - Evading Logging in the Cloud: Disrupting and Bypassing AWS CloudTrail
04:18:10 - The Ins and Outs of Building an AWS Data Perimeter
04:45:44 - How do you set boundaries? i.e AWS Permissions boundaries in large cloud environments
05:01:13 - [Seems Half Recorded] Patterns in S3 Data Access: Protecting and enhancing access to data banks, lakes, and bases
06:12:40 - AWS Presigned URLs: The Good, The Bad, and The Ugly
06:42:24 - It's Just a Name, Right?
07:12:05 - Trusted You: A Demonstrated Abuse of Cloud Kerberos Trust
@seek_zero 1 year ago
00:14:00 - How Citi advanced their containment capabilities through automation
01:04:24 - Tales From the Sewer: A plumber’s view of building a data security platform
01:33:25 - CloudFox + CloudFoxable: A Powerful Duo for Mastering the Art of Identifying and Exploiting AWS Attack Paths
02:03:35 - Billions Served: Processing Security Event Logs with the AWS Serverless Stack
03:14:10 - Rolling out AWS Infrastructure Everywhere with Space Ships
@thiagoeh 1 year ago
14:40 Welcome
04:17:13 Building an AWS Data Perimeter
@Crazy_Cranberry 1 year ago
First presenter killed it
@rmat007 1 year ago
Cool tool
@kevinhock1041 2 years ago
Great talk dpopes et al!
@kevinhock1041 2 years ago
Great talk max!
@clemiboi 2 years ago
Well presented, thank you.
@lingxiankong4791 2 years ago
Really like this presentation, thanks!
@Zubi_zoobster 2 years ago
Best explanation and use cases I've seen on VPC service controls and within 20 minutes 👏
@7thdrxn 3 years ago
Great talk!
@MrTroop86 3 years ago
Good presentation!
@nebimertaydin3187 3 years ago
Great talk. Thanks!