
Bishop Fox to Present at fwd:cloudsec

Date: June 13, 2023
Location: Embassy Suites by Hilton Anaheim South, Anaheim, CA

Join us at the fwd:cloudsec conference as Bishop Fox Cloud Principal Seth Art presents his session, "CloudFox + CloudFoxable: A Powerful Duo for Mastering the Art of Identifying and Exploiting AWS Attack Paths" on Tuesday, June 13 at 9:20 a.m. PT.

CloudFox + CloudFoxable: A Powerful Duo for Mastering the Art of Identifying and Exploiting AWS Attack Paths

CloudFox helps penetration testers and security professionals find exploitable attack paths in cloud infrastructure. However, what if you want to find and exploit services not yet present in your current environment? What if you lack access to an enterprise AWS environment?

Enter CloudFoxable, an intentionally vulnerable AWS environment created specifically to showcase CloudFox’s capabilities and help you find latent attack paths more effectively. Drawing inspiration from CloudGoat, flaws.cloud, and Metasploitable, CloudFoxable provides a wide array of flags and attack paths in a CTF format.

In this talk, we'll demonstrate some of CloudFoxable's CTF challenges that “blur the lines”, including an IAM role that trusts a GitHub repository via OIDC, an SNS topic with an overly permissive resource policy that leads to remote code execution, and an exploit path that leads from a vulnerable AWS OpenSearch domain to a private GitHub repository with the flag.



About the speaker, Seth Art

Principal Security Consultant

Seth Art (OSCP) is a Principal Security Consultant at Bishop Fox, where he currently focuses on penetration testing cloud environments, Kubernetes clusters, and traditional internal networks.

Seth is the author of multiple open-source projects including CloudFox, CloudFoxable, IAM Vulnerable, Bad Pods, celeryStalk, and PyCodeInjection. He has presented at security conferences, including fwd:cloudsec, DerbyCon, and BSidesDC, published multiple CVEs, and is the founder of IthacaSec, a security meetup in upstate NY.

