Offensive Operations, Cloud Security
Explore content featuring this instructor’s insights and expertise.
Our containers workshop will be a two-hour workshop that will focus on how we can assess vulnerabilities in containers. As containers are part of the modern software stack, your company may use containers locally on a system and remotely on servers. Containers can be deployed on stand-alone servers, to a container service like AWS ECS, and on orchestration technologies like Kubernetes. Given how ubiquitous containers are, you will likely either be working with or attacking them at some point in your career.
Identities are the foundational cornerstone of many environments. Identity is typically the front door for web, infrastructure portals, and VPN services. Most organizations should implement additional countermeasures to prevent attackers from breaking into an organization. The perimeter of many environments is de-facto users’ identities. How you protect those identities is critical. Understanding how to attack identities is crucial for those who emulate attack groups.
Public Cloud Environments can make things, well, rather public. While there are ways to prevent this, and the cloud providers have made strides, retroactive changes are not a thing. As such, we still find very poorly configured environments today.
The idea of DevSecOps, the term the industry had initially decided on for the work between the Application and Operations teams, was coined 15 years ago. To give perspective, the iPhone 3GS came out that year. If we think of what we had to work with in 2009, we now know in hindsight that we have better options, solutions, software, and patterns. We have an iPhone 15; we no longer have BlackBerry OS or Nokia. Windows 8.1? I hope not.Here are a few questions we will be reviewing during this solutions track:- How has DevSecOps and Application Security changed since then?- Where do we fit in?- Should we be more or less hopeful?We think we are in a much better place and in this forum, we will show you how it’s become better. Join the 5th annual DevSecOps & Application Security Track to listen to a curated list of talks to help stimulate thought and actionable solutions for you to implement in your organization.Forum Highlights: Discover how industry leading technologies and techniques can your ability to better secure you development and application environments Learn from industry leaders as they dive into cutting-edge use case studies and specific examplesInteract with the SANS chair Moses Frost, speakers and peers in the interactive Slack workspace by posting questions and discussing the forum topic
As a penetration tester, you may be well-versed in your go-to tips, tricks, and tactics for on-premises systems. But what happens when you're tasked with testing new and complex environments like AWS, Azure, Container Workloads, or Kubernetes?
