Cloud & Dev Ops Summit @Night

  • Wednesday, October 21, 2020 | 5:30 - 7:20 PM MDT (starts 7:30 PM EDT / 2020-10-21 23:30:00 UTC)
  • Pawel Rzepa, Matt Johnson, Travis Altman, Kat Traxler

Overview

Learn to Safeguard Mission-Critical Assets in the Cloud

Protecting information systems, applications, and data in the cloud presents a new set of challenges for organizations to overcome. Our SANS instructors are among the best cybersecurity instructors in the world and will provide you with guidance and all the skills you need to defend your organization from ever-evolving threats. Students will also be able to enjoy live online bonus sessions!

Agenda

5:30-5:50 pm MDT - Attacking AWS: The Full Cyber Kill Chain

Pawel Rzepa @Rzepsky, Senior Security Specialist, SecuRing

While it is quite common practice to do periodic security assessments of the local network, it is really rare to find a company that puts the same effort into testing the security of its cloud. According to a Gartner report, through 2022 at least 95% of cloud security failures will be the customer's fault. This is why we have to understand what new threats and risks have appeared with the cloud and how we should change our attitude to testing cloud security.

The goal of my presentation is to show how a security assessment of cloud infrastructure differs from testing environments in a classic architecture. I'll demonstrate a hypothetical attack on a company that is fully developed in the AWS environment. I'm going to show the whole kill chain, starting with cloud-applicable reconnaissance techniques. Then I'll attack the Jenkins server hosted on an EC2 instance to access its metadata and steal the access keys. Using the assigned role, I'll access another AWS service to escalate privileges to administrator and then present how to hide fingerprints in the CloudTrail service. Finally, I'll demonstrate various techniques for silently exfiltrating data from the AWS environment and setting up persistent access, and describe other potential cloud-specific threats, e.g. cryptojacking.

The presentation shows practical aspects of attacking cloud services, and each step of the kill chain will be presented in the form of a live demo. Using the presented attacks as examples, I'll show how to use the AWS exploitation framework Pacu and other handy scripts.

6:00-6:20 pm MDT - Integrating Policy as Code into your CI/CD pipeline

Matt Johnson @metahertz, Developer Advocate, Bridgecrew

With the growth of cloud and API-driven infrastructure came infrastructure as code. This movement made the management of configuration a larger and more explicit part of software development. In this talk, we'll cover the possible issues in cloud infrastructure configurations and some practical ways to identify them in your CI/CD pipeline, demonstrated using https://github.com/bridgecrewio/terragoat and https://github.com/bridgecrewio/checkov.

6:30-6:50 pm MDT - Serverless is the New Black: Common Threat Vectors, Detections, and Defenses

Travis Altman @travis__altman, Cyber Security Leader, OWASP

Industry trends show that serverless architectures are gaining in popularity. Organizations are always on the hunt to save money and leveraging runtime environments instead of virtual servers helps reduce that cost. What happens when organizations change their architecture to this new paradigm? What risks are they introducing and what can they do to protect against these risks?

This talk will perform a deep dive into how attackers are taking advantage of serverless applications and systems. It will go into the various tactics and techniques that have been seen in the wild where threat actors are leveraging common weaknesses within serverless systems to gain a larger foothold within the environment.

This talk will focus on AWS serverless architecture, but the core concepts will apply across multiple cloud provider solutions.

7:00-7:20 pm MDT - A Bug Hunters Guide to GCP

Kat Traxler, Security Specialist, Best Buy Co

Google Cloud Platform (GCP) is an eclectic offering of products ranging from IaaS to PaaS and Identity Services. Knowing where to look for flaws on the platform is an art that requires an understanding of the rules of the road. In this talk you'll hear an overview of what constitutes privilege in GCP and how movement between accounts can occur to obtain privilege. Armed with the knowledge of what an attacker's goal would be, and the mechanisms to get there, we can describe a methodology for documenting escalation paths. There might be a base set of rules on the GCP highway, but there are many known and yet-to-be-discovered detours!

Speaker Bios

Pawel Rzepa

Pawel is a senior security consultant at SecuRing. On a daily basis he is responsible for performing penetration tests and cloud security assessments. He has wide experience in the security field, gained inter alia as a fuzzer developer at Spirent, pentester at EY GSS, security auditor at Credit Agricole and threat analyst in the IBM SOC. His skills are proven by the OSCP, eMAPT, AWS SAA and AWS CSS certificates he has earned. Pawel actively supports the OWASP community by arranging local OWASP chapter meetings in Wroclaw.


Matt Johnson

Matt Johnson is a Developer Advocate for Bridgecrew.io, based in not-so-sunny Manchester, UK. He helps DevOps teams simplify, automate and improve their infrastructure security. Coming from a security and platform automation background, formerly at Cisco, he is excited by the disruptive power of Infrastructure as Code, container and serverless orchestration in bringing scalable, cost-effective IT to companies of all sizes, while also building awareness of the security challenges these new capabilities bring. Outside of work, he is learning to fly, and enjoys travel, aviation, rugby, steak and a growing whisky collection!


Travis Altman

Travis has spent many moons in the cyber security field helping various organizations battle in cyber warfare protecting them against malicious threat actors across the globe. He has a passion for helping others learn, succeed, and grow within the cyber security space.


Kat Traxler

Kat Traxler is a Security Professional in the Twin Cities performing penetration testing, security architecture and research in the areas of Web Security, IAM, Payment Technologies and Cloud Native Technologies. She has been a proud SANS facilitator since 2016 and currently holds GIAC-GSEC, GIAC-GCWN and GIAC-GDAT certifications. Kat Traxler is obsessed with the attack surface at the confluence of Identity and Cloud Platform APIs and thinks you should be too.
