Cloud & DevOps Security 2020 - Live Online

Virtual, US Mountain | Mon, Oct 19 - Sat, Oct 24, 2020

Cloud & DevOps Security Summit @Night Agenda

Live Online | October 19-22
Monday, October 19 - all times are Mountain Daylight Time (UTC-6)

12:15 - 1:00 pm MDT


Security Cloud != A Secure Cloud

Emily Fox, DevOps Security Lead, NSA, Developer Security Lead for NSA's DevX

The cloud was not built for security. As security technologists, historically chasing developers or IT teams around, we may view an upcoming cloud transition or adoption with fear, misunderstanding, or hardship. Perhaps our organization purchased some security product that will make our lives better, but we learn that it doesn't contextualize the mountain of findings in that single pane of glass after all; in fact, it gives us more work with less understanding. Now we have a list of things we may not understand, and we certainly cannot just hand it to a team and say "fix this."

It does not need to be this way, and it shouldn't be this way. Security has been around a long time, and while its implementation may change, the core principles never do. When I look to the cloud, I see transparent security enforcement, better visibility, increased risk reduction, and a new culture. As security technologists you should feel empowered to support your teams in delivering a better, more secure product, efficiently and at increased velocity. We should be astounded with the speed that a fully patched, hardened workload replaced the vulnerable production instance and how very little human involvement was needed to make it happen.

Tuesday, October 20 - all times are Mountain Daylight Time (UTC-6)

6:00 - 8:00 pm MDT

Tech Tuesday Workshop: Cloud Security Monitoring and Threat Hunting

Shaun McCullough, @thecybergoof

This workshop is a deep dive into the native services in AWS for gathering, analyzing, and detecting threats. You will learn about some common attack techniques against cloud infrastructure, and then investigate how to detect those techniques in AWS using CloudTrail, VPC Flow Logs, Athena and CloudWatch Logs. The goal of this workshop is to gain hands-on experience so that you will leave with confidence that you can start detecting potential threats in your own environment.

Wednesday, October 21 - all times are Mountain Daylight Time (UTC-6)

5:30 - 5:50 pm MDT

Attacking AWS: the full cyber kill chain

Pawel Rzepa, @Rzepsky, Senior Security Specialist, SecuRing

While it is quite common practice to do periodic security assessments of the local network, it is really rare to find a company that puts the same effort into testing the security of its cloud. According to a Gartner report, through 2022, at least 95% of cloud security failures will be the customer’s fault. This is why we have to understand what new threats and risks appeared with the cloud and how we should change our attitude to testing cloud security.

The goal of my presentation is to show how security assessment of cloud infrastructure is different from testing environments in classic architecture. I'll demonstrate a hypothetical attack on a company which is fully deployed in the AWS environment. I’m going to show the whole kill chain, starting from presenting cloud-applicable reconnaissance techniques. Then I’ll attack the Jenkins server hosted on an EC2 instance to access its metadata and steal the access keys. Using the assigned role, I’ll access another AWS service to escalate privileges to administrator and then present how to hide fingerprints in the CloudTrail service. Finally, I’ll demonstrate various techniques of silently exfiltrating data from the AWS environment and setting up persistent access, and describe other potential, cloud-specific threats, e.g. cryptojacking.

The presentation shows practical aspects of attacking cloud services, and each step of the kill chain will be presented in the form of a live demo. Using the presented attacks as examples, I’ll show how to use the AWS exploitation framework Pacu and other handy scripts.

6:00 - 6:20 pm MDT

Integrating Policy as code into your CI/CD pipeline

Matt Johnson, @Metahertz, Developer Advocate, Bridgecrew

With the growth of cloud and API-driven infrastructure came infrastructure as code. This movement shifted the management of configuration to a larger and more explicit part of software development. In this talk, we'll cover the possible issues on cloud infrastructure configurations and some practical ways to identify them in your CI/CD pipeline demonstrating using and

6:30 - 6:50 pm MDT

Serverless is the New Black: Common threat vectors, detections, and defenses

Travis Altman, @travis__altman, Cyber Security Leader, OWASP

Industry trends show that serverless architectures are gaining in popularity. Organizations are always on the hunt to save money and leveraging runtime environments instead of virtual servers helps reduce that cost. What happens when organizations change their architecture to this new paradigm? What risks are they introducing and what can they do to protect against these risks?

This talk will perform a deep dive into how attackers are taking advantage of serverless applications and systems. It will go into the various tactics and techniques that have been seen in the wild where threat actors are leveraging common weaknesses within serverless systems to gain a larger foothold within the environment.

This talk will focus on AWS serverless architecture but the core concepts will apply across multiple cloud provider solutions.

7:00 - 7:20 pm MDT

A Bug Hunters Guide To GCP

Kat Traxler, Security Specialist, Best Buy Co

Google Cloud Platform (GCP) is an eclectic offering of products ranging from IaaS to PaaS and Identity Services. Knowing where to look for flaws on the platform is an art that requires an understanding of the rules of the road. In this talk you’ll hear an overview of what constitutes privilege in GCP and how movement between accounts can occur to obtain privilege. Armed with the knowledge of what an attacker's goal would be, and the mechanisms to get there, we can describe a methodology for documenting escalation paths. There might be a base set of rules on the GCP highway but there are many known and yet to be discovered detours!

Thursday, October 22 - all times are Mountain Daylight Time (UTC-6)

5:30 - 5:50 pm MDT

Securing Serverless with Terrascan

Cesar Rodriguez, Head of Developer Advocacy, Accurics

As development teams move to serverless architectures, how does this change the way security is handled vs traditional infrastructure? In this talk we’ll walk through how security controls can be embedded into serverless architectures and how Terrascan, an open source static code analyzer for Infrastructure as Code, can help find security issues in your serverless infrastructure before it's deployed.

6:00 - 6:20 pm MDT

What I have learned writing Prowler

Toni de la Fuente, @toniblyx, Senior Security Consultant, AWS

Prowler is an open source AWS security assessment tool that helps cloud security auditors know the security status of their resources in the AWS cloud. I want to share all that I have learned during the last 3 years, not only in terms of open source and such but also around use cases, community, AWS security, AWS service APIs, the AWS command line interface and security in general: what mistakes I've made and what would be different if I started it again. This talk will help attendees make better decisions and fail earlier if they start the journey of building their own security tools.

6:30 - 6:50 pm MDT

Architecting for Threat Hunting

Shaun McCullough, @thecybergoof, Developer

Improve your Threat Hunting success through architecture and operations. This talk will highlight architecture design patterns, DevSecOps pipelines, and the Cloud's automatable infrastructure to mitigate the threat and make attacker behaviors stand out.