Offensive Operations, Cloud Security
Explore content featuring this instructor’s insights and expertise.
As a penetration tester, you may be well-versed in your go-to tips, tricks, and tactics for on-premises systems. But what happens when you're tasked with testing new and complex environments like AWS, Azure, Container Workloads, or Kubernetes?
The idea of DevOps, the term the industry had initially decided on for the work between the Application and Operations teams, was coined 15 years ago. To give perspective, the iPhone 3GS came out that year.
Public Cloud Environments can make things, well, rather public. While there are ways to prevent this, and the cloud providers have made strides, retroactive changes are not a thing. As such, we still find very poorly configured environments today.
Identities are the foundational cornerstone of many environments. Identity is typically the front door for web, infrastructure portals, and VPN services. Most organizations should implement additional countermeasures to prevent attackers from breaking into an organization. The perimeter of many environments is de-facto users’ identities. How you protect those identities is critical. Understanding how to attack identities is crucial for those who emulate attack groups.
Our containers workshop will be a two-hour workshop that will focus on how we can assess vulnerabilities in containers. As containers are part of the modern software stack, your company may use containers locally on a system and remotely on servers. Containers can be deployed on stand-alone servers, to a container service like AWS ECS, and on orchestration technologies like Kubernetes. Given how ubiquitous containers are, you will likely either be working with or attacking them at some point in your career.