9:00 am - 9:15 am
MT
3:00 pm - 3:15 pm UTC | Opening Remarks |
9:15 am - 10:00 am
MT
3:15 pm - 4:00 pm UTC | Keynote: Security Journey at Elastic Walk with Mandy as she takes you through her journey from her first days of joining Elastic and her continued commitment to creating and maintaining a secure environment through self-defending environments using AI.
|
10:00 am - 10:15 am
MT
4:00 pm - 4:15 pm UTC | Break |
10:15 am - 10:50 am
MT
4:15 pm - 4:50 pm UTC | When Cloud Encryption Matters: From Another Layer of Access Control to a False Sense of Security Cloud Encryption is seen as a valuable component of a robust data security strategy. But what does cloud encryption actually offer in terms of security? Cloud Encryption has multiple different types including Cloud Service Provider Managed and Customer Managed. Depending on the type - the security offered can range from another robust layer of access control to a false sense of security. In this talk, we’ll cover the following:
- Types of encryption (such as CSP Managed, Customer Managed)
- Default encryption for services in cloud.
- How cloud encryption impacts data perimeters.
- How cloud encryption translates into and impacts cloud identity and access management.
- Best practices and considerations for how to implement cloud encryption and data security in cloud.
|
10:15 am - 10:50 am
MT
4:15 pm - 4:50 pm UTC | Virtual Track EKS Security Safari: Hunting Threats in the Wild Wild Cloud Kubernetes is spreading through the world faster than a viral dance challenge on social media. As the K8S ecosystem on the cloud gains more attention and spotlight, hackers actively seek ways to bounce between clusters and clouds, aiming for unauthorized access. Join us to delve deep into the K8S security fundamentals on AWS (EKS) and their logging system. Explore K8S TTPs, K8S to AWS attack vectors and IAM role abuse. Gain a comprehensive understanding of conducting threat hunting on EKS, utilizing AWS and K8S logs to identify threat actors, particularly related to lateral movement and privilege escalation methods within the K8S environment. You’ll come away with practical knowledge about the relevant logs and how to use them to investigate potential attacks on K8S and EKS. Moreover, you’ll become familiar with mitigation recommendations to prevent future cyber-attacks.
|
10:15 am - 12:15 pm
MT
4:15 pm - 6:15 pm UTC | In-Person Only Workshop: A security researcher’s view of GCP In this workshop participants will learn about how GCP is structured and organized. They will learn how IAM works in GCP and how it is utilized to grant users access to various resources. Participants have the option of following along or setting up their own GCP environment and recreating the techniques we are covering in the workshop in their own environment. After this workshop, participants should be able to comfortably navigate the gcloud CLI as well as the GCP console. They will also have experience analyzing log events in GCP and identifying relevant data. Prerequisites:
- Laptop Required
- Access to a Google Account - preferably with Google Cloud Platform and gcloud CLI
If you want to follow along in your own environment, it is recommended that you download about a week beforehand and set up.
- How to install the gcloud CLI
|
10:55 am - 11:30 am
MT
4:55 pm - 5:30 pm UTC | From AFT to ATO, AWS native FedRAMP through Terraform The process of obtaining a FedRAMP ATO in the AWS cloud often begins with a separation of federal and commercial resources. This separation, or sometimes a move to a new AWS account, is a long and tedious process when starting from zero. We can simplify and automate this process using Terraform with AWS Control Tower via AFT. In this talk we'll look at how Terraform, AFT, and Control Tower can be used to create an AWS Native, FedRAMP moderate landing zone. We'll then use the AFT managed pipeline to satisfy a NIST 800-53 control, demonstrating Terraform's FedRAMP automation capabilities.
|
10:55 am - 11:30 am
MT
4:55 pm - 5:30 pm UTC | Virtual Track Open-source serverless cloud Certificate Authority In this talk, we’ll provide details of our recently released open-source project. After a technical overview, you’ll see a hands-on live demonstration of the CA and an example mTLS use case. You’ll learn how you could use this solution for your own applications and systems, to provide a secure and cost-effective certificate authority infrastructure. Documentation: serverlessca.com Blog post: https://medium.com/@paulschwarzenberger/open-source-cloud-certificate-authority-75609439dfe7
|
11:35 am - 12:10 pm
MT
5:35 pm - 6:10 pm UTC | Breaking Copilots For Fun and Profit Every organization recognizes the substantial productivity enhancements provided by AI assistants. Microsoft 365 Copilot, GitHub Copilot, and similar tools are prime examples of the benefits derived from using a Retrieval-Augmented Generation (RAG) architecture in enterprise settings. However, these AI solutions are often developed and deployed rapidly by vendors and organizations, which can lead to significant vulnerabilities. In this talk, we will explore the threat model associated with these Copilots, demonstrate their internal mechanics, and discuss real-world examples of vulnerabilities, attack scenarios, and mitigation strategies.
|
11:35 am - 12:10 pm
MT
5:35 pm - 6:10 pm UTC | Virtual Track Threat Hunting with Kusto - The query language to uncovering the unknown Join us for an illuminating session on leveraging Kusto, Microsoft's powerful query language, for effective threat hunting. Kusto offers unparalleled capabilities for analyzing large volumes of data with lightning speed and precision. In this session, we'll dive into the fundamentals of Kusto and explore how it can be used to detect and investigate security threats within your organization's data ecosystem. From crafting complex queries to interpreting query results, attendees will learn practical tips and best practices for harnessing the full potential of Kusto in threat hunting scenarios. Whether you're new to Kusto or seeking to deepen your expertise, this session promises valuable insights to empower you in the ongoing battle against cyber adversaries.
|
12:10 pm - 1:30 pm
MT
6:10 pm - 7:30 pm UTC | Lunch |
1:30 pm - 2:05 pm
MT
7:30 pm - 8:05 pm UTC | Let’s Do DevOps: Writing a New Terraform/Tofu AzureRm Data Source — All Steps! Writing Terraform is so fun, surely writing some functionality for the providers that underpin Terraform must be easy, right? Let's walk all the way through confirming some functionality that was missing from the AzureRM Provider, to poking around at the provider source code, to writing, testing, and opening a PR to add the functionality we need, and how you can do so too!
|
1:30 pm - 2:05 pm
MT
7:30 pm - 8:05 pm UTC | Virtual Track Keep Calm & How to Deploy Safely at Billion Event Scale Eran Bibi, Co-Founder & Chief Product Officer, Firefly In today's high-scale and high-velocity complex operations, the process and culture are as important as the technology that supports it. In this talk, end-user unicorn AppsFlyer will talk about their journey to building a platform-as-a-product to achieve the velocity, predictability, and self-serve using GitOps to the massive scale their system today requires. We'll look at considerations like building trust into the dev process, correct PR etiquette, codification of resources for agility and automation, and better safety guardrails baked in, all powered by open source and CNCF technology - K8s, flux, Streamzi and OPA. This talk will examine how a real-world high-scale end-user company does this built on an open source and cloud native stack.
|
1:30 pm - 3:30 pm
MT
7:30 pm - 9:30 pm UTC | In-Person Only Workshop: Put Detection and Remediation Engineering to work with Open Source: a practitioner perspective Whether you are a long time cloud security practitioner or if you are just getting started, this workshop will give you the tools to get cloud security up and running and under control at your organization. With millions of downloads and a large community of users, Prowler is one of the most used tools when it comes to cloud security assessments, hardening, incident response and security posture monitoring. Prowler has some new features and important changes in v4. This includes multi-cloud architecture, Python detections and remediations, and a load of new checks for compliance. We will teach how to get the most from Prowler and adapt it to your requirements. Prerequisites - Laptop with the following:
- Python 3.11
- pip for Python
- Git
- IDE Code editor like VSCode installed in the operating system.
Enough credentials for their own AWS, GCP or Azure infrastructure to create users and/or roles. If willing to do the K8s labs, have permissions to create a managed Kubernetes service in their cloud or Docker Desktop installed.
|
2:10 pm - 2:45 pm
MT
8:10 pm - 8:45 pm UTC | Best Practices for How to Manage All Your Access from the Cloud: The Next Frontier in Your Security Journey Driving your organization toward least privilege involves more than just monitoring administrative access. Access to business data can be as critical as administrative access to systems, particularly in highly regulated industries. With the rise of AI capabilities - discovery, ransomware, and data leakage and exfiltration are bigger threats than before. In this talk, we'll cover how to define controls and their use cases, as well as how to identify common resources utilized by the business. We'll highlight the parallels between managing administrative systems and business data and provide frameworks for governing privileged user access like privileged admin access. You'll leave with a practical list of go-do's and quick wins to embark on the next phase of your journey toward least privilege.
|
2:10 pm - 2:45 pm
MT
8:10 pm - 8:45 pm UTC | Virtual Track The Red Pill: Unpacking the Psycho-Cyber IAM Kill Chain It's funny how some of the most common patterns in engineering organizations are essentially anti-patterns when it comes to access control and safety. In this talk, we'll take you down the rabbit hole of bad access control practices we've witnessed firsthand at clients and partners, that you should definitely rethink. This includes everything from shared admin accounts, shared passwords, over-privileged and long-lasting highly privileged accounts. We'll show how these bad practices can ultimately result in significant harm to your organization––everything from the obvious hijacking of accounts, through social engineering tactics and techniques these practices open the doors wide open to, and how with access to sensitive IT systems, you can put your company and client data at serious risk. We'll walk through real live scenarios of adversarial attacks using the most common methods that are still prevalent in the wild––along with a real world HUMINT (AKA social engineering) and PsyOps that are the backbone to psycho-cyber kill chains. We'll provide practical tips for how to prevent these types of attacks both on a human level and technical level. You'll come away with better security hygiene for your organization, and vigilance as the gatekeeper and guardians.
|
2:50 pm - 3:10 pm
MT
8:50 pm - 9:10 pm UTC | Break |
3:10 pm - 3:45 pm
MT
9:10 pm - 9:45 pm UTC | Connecting the Broken Links - Exploring Identity Integrations between the Three CSPs and their Managed Kubernetes Offerings AWS, Azure, and GCP all offer a managed Kubernetes service. In addition, all three also offer integration with their IAM backbone to allow both authentication into the cluster from a cloud identity, and providing of IAM credentials to workloads on the cluster to allow secure access to the cloud provider APIs. While this is a valuable feature for securing managed Kubernetes clusters without adding additional identity mechanisms, it's yet another feature for Cloud Security teams to understand and secure. This talk will explore the identity integrations between each of the Cloud Providers and their managed Kubernetes flavors, at a code level to dispel any ambiguity on where the Cloud Provider APIs work with the managed clusters to provide authentication. We will explore how access is granted to cloud identities, and what boundaries can be crossed (e.g., cross-account access, etc.), as well as potential abuse cases. For the defender, we will also specifically talk about how these identities tie into cluster logging, and to trace the full range of events even when someone is authenticating into a cluster using their cloud credentials.
|
3:10 pm - 3:45 pm
MT
9:10 pm - 9:45 pm UTC | Virtual Track Who Polices the Policies? Privilege Escalation & Persistence with Azure Policy The Microsoft Azure threat matrix contains a mysterious and almost empty item: AZT508 - Azure Policy, which suggests this service can break bad but gives almost no details as to how. To quote Microsoft: “Azure Policy helps to enforce organizational standards and to assess compliance at-scale.“ How does this banal sounding service come to be used for attacking Azure users? This talk aims to fill in the picture. We will explore the Azure Policy service and how it can be used for badness: punching holes in ACLs, creating persistent backdoors on virtual machines, assigning attacker controlled roles to resources, modifying database encryption, etc. I will demo an abuse scenario, and discuss others that can be used for privilege escalation and persistence. I will also discuss a confused deputy attack on this service. Finally, I will share detection and control recommendations.
|
3:50 pm - 4:25 pm
MT
9:50 pm - 10:25 pm UTC | The Yin and Yang of Generative AI in Cybersecurity: Opportunities and Challenges The rapid advancements in Generative AI have opened up a new frontier in cybersecurity, presenting both unprecedented opportunities and daunting challenges. This presentation aims to equip attendees with the critical knowledge and tools needed to navigate the evolving threat landscape shaped by the rise of AI-powered cyber attacks. The session will delve into the dark side of Generative AI, showcasing how malicious actors are weaponizing this technology to create highly sophisticated phishing campaigns, develop advanced malware, and introduce novel attack methods such as LLM supply chain poisoning. Through real-world examples, participants will gain a comprehensive understanding of the emerging risks associated with Generative AI in the context of cybersecurity. However, the presentation will also emphasize the importance of harnessing the potential of Generative AI responsibly to strengthen organizational defenses. Attendees will learn essential security strategies and best practices to fortify their systems against AI-driven threats, as well as techniques to identify and neutralize these evolving attacks proactively. By striking a balance between exploring the dark side of Generative AI and empowering participants to adapt their defenses accordingly, this session aims to foster a more secure and resilient cybersecurity landscape in the face of this transformative technology.
|
4:30 pm - 4:45 pm
MT
10:30 pm - 10:45 pm UTC | Day 1 Wrap-up |
5:30 pm - 8:30 pm
MT
11:30 pm - 2:30 am UTC | In-Person Only Night out in Denver, CO at the Museum of Illusions Experience an event venue that defies the laws of physics and challenges your senses. Enter the fascinating world of illusions where nothing is ever quite as it seems. Visit us at Museum of Illusions Denver and see WOW! Entry, food and drinks will be provided.
|