AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

Cloud Village at DEF CON 34

Date:
August 7–9, 2026
Location:
Las Vegas Convention Center, Las Vegas, NV
Conference Cloud Village at DEF CON 34 with Cloud Village official logo in retro computer.

Cloud Village returns to DEF CON 34 as one of the con's most hands-on offensive security spaces, bringing together practitioners focused on cloud attack paths, misconfigurations, and defense across AWS, Azure, and GCP. Bishop Fox is glad to be part of it this year, with two of our consultants leading sessions on the village floor.

Samanta Aranda, Managing Senior Consultant I, will run a fully hands-on workshop on weaponizing CloudFormation, and Leron Gray, Senior Security Consultant II, will lead a lab on extending Azure attack graphing beyond identity with Cirro, the spiritual successor to Stormspotter.

Come find our team on the village floor between sessions — always happy to talk shop about cloud attack paths and what we're seeing in the field.

For more details, visit: Cloud Village.

"Weaponizing CloudFormation"

Speakers: Samanta Aranda, Managing Senior Consultant I, Bishop Fox

Date/Time: Friday, August 7 | 11:00 AM–1:00 PM PT

Location: Zone A, Room 312

Abstract: In this fully hands-on offensive cloud security workshop, attendees will start with limited IAM permissions and learn to identify and exploit misconfigured CloudFormation execution roles using iam:PassRole, service roles, and Lambda-backed Custom Resources. Participants will weaponize CloudFormation templates to build persistence inside service-scoped IAM paths without needing direct administrative access.

The workshop digs into realistic cloud attack paths, delegated execution abuse, and the risks introduced by over-permissioned automation, along with rollback abuse scenarios and how these attacks surface in CloudTrail and IAM logs.

"Attack and Tools Lab: Cirro — Extending Your Azure Graph Beyond Identities"

Speakers: Leron Gray, Senior Security Consultant II, Bishop Fox

Date/Time: Friday, August 7 | 4:00–6:00 PM PT

Location: Zone A, Room 312

Abstract: Most Azure graph analysis tooling focuses on identity relationships — users, groups, service principals, role assignments. Modern Azure environments hold far more exploitable context in infrastructure, platform services, application configs, network relationships, managed identities, and data-plane resources.

Cirro, the spiritual successor to Stormspotter, is an attack graphing tool that models Azure environments by combining Microsoft Graph identity data with Azure Resource Manager infrastructure data — mapping resources into Neo4j for deeper attack path and misconfiguration analysis. This lab walks through Cirro's collection, ingestion, and analysis workflow. Attendees will enumerate and assess an Azure tenant, run Cypher queries, and use custom dashboards to interpret graph data.

Prerequisites: Docker/Podman Compose, Azure CLI, a web browser, and a SQLite3 browser. Fundamental knowledge of Cypher is recommended but not required.


Bfx25 Samanta Bio

About the speaker, Samanta Aranda

Managing Senior Consultant I

Passionate about cybersecurity, Samanta is a Managing Senior Consultant at Bishop Fox. With a background in Electronics and Communications Engineering and a Master’s in Computer Science and Technology Management, she brings over a decade of experience helping global organizations strengthen their security posture. She holds 16 professional certifications and was honored by EC-Council as part of its Circle of Excellence in 2021.


Leron Gray Headshot BF

About the speaker, Leron Gray

Senior Security Consultant - Red Team

Leron Gray is a Senior Security Consultant II on Bishop Fox's Red Team. He previously worked at Microsoft on the Azure Red Team and as a Cryptologic Technician (Networks) for the U.S. Navy.

Leron holds a Masters in Cyber Defense from Dakota State University and is a PhD candidate for Cyber Operations. He has a graduate certification in penetration testing and ethical hacking from SANS Technology Institute.

Ready to get started? We can help.

Contact Us