One Week Only! Get an iPad Air with Smart Keyboard, Surface Go, or $300 Off with OnDemand or vLive Training!

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Attacking and Defending Cloud Metadata Services

  • Wednesday, October 30th, 2019 at 10:30 AM EDT (14:30:00 UTC)
  • Eric Johnson
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!

Overview

Cloud Metadata Services have been exploited by attackers in order to gain direct access to an organizations cloud resources. The Capital One breach notification published in July put a spotlight on the metadata service and its weaknesses. Join Eric Johnson for a walk through of the publicly available information from the breach. We will demonstrate how the attacker compromised AWS instance metadata credentials, gained access to privileged resources, and exfiltrated data from the account. The conversation then shifts to a post mortem discussion about cloud security controls that could have prevented or limited the blast radius of the attack.

Speaker Bio

Eric Johnson

Eric Johnson, the Application Security Curriculum product manager at SANS, is the lead author and instructor for DEV544 Secure Coding in .NET: Developing Defensible Applications, as well as an instructor for DEV541 Secure Coding in Java/JEE: Developing Defensible Applications. A senior security consultant at Cypress Data Defense, Eric’s experience includes web and mobile application penetration testing, secure code review, risk assessment, static source code analysis, security research and developing security tools. He currently holds the CISSP, GWAPT, GSSP-.NET and GSSP-Java certifications.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.