Cloud Penetration Testing

  • Wednesday, 16 Sep 2020 7:00PM EDT (16 Sep 2020 23:00 UTC)
  • Speaker: Moses Frost

Our 2 hour workshop is designed to provide a starting point for potential Cloud Penetration Testing Course participants. In this workshop we will be discussing some of the common pitfalls that we have been observing in the wild as it pertains to cloud architectures. There are several tools and techniques that we discuss in this workshop that are not discussed in class but showcase the common pitfalls we encounter when architecting, designing, and even testing cloud environments. In this talk we show how attackers can move data laterally, how identity on systems can be abused, and how we can build tooling closer to our targets to provide a landing point that is more efficient for both testing and operations. We will also be discussing the role that Containers and Cloud Native Applications play in attacker simulations and showcase container breakout strategies.