Cloud Attack Vectors: Expert Techniques for Finding Critical Vulnerabilities
In this session, we take a deep dive into the cloud's underbelly, exploring its vulnerabilities and exploiting its weaknesses.
Summary:
Journey into advanced cloud exploitation with DEFCON 31's expert panel, Matt Johansen from Reddit, Andrew Martin from Controlplane, and Moses Frost from Neuvik as they reveal sophisticated techniques for identifying and exploiting cloud vulnerabilities. This session pulls back the curtain on how skilled attackers target cloud environments, demonstrating real-world techniques for discovering misconfigurations, navigating complex cloud architectures, and executing controlled exploits. Learn how to think like an attacker to better defend your cloud infrastructure.
Key Takeaways:
- Advanced cloud exploitation techniques
- Common misconfiguration patterns and detection methods
- Privilege escalation paths in cloud environments
- Identity and access management weaknesses
- Container escape techniques and preventions
- Cross-account attack vectors
- Cloud service-specific vulnerability patterns
- Methodologies for responsible testing
- Strategic remediation approaches
Who Should Watch:
- Cloud Security Engineers
- DevSecOps Professionals
- Security Architects
- Penetration Testers
- Red Team Operators
- Cloud Platform Engineers
- Security Program Managers
- Risk Assessment Specialists
Perfect for both offensive security professionals looking to enhance their cloud testing capabilities and defensive teams seeking to understand and protect against sophisticated cloud attacks.