Our new SANS research takes you inside the minds & methods of modern adversaries. Get the report ›

Penetrating the Cloud: Uncovering Unknown Vulnerabilities

Seth Art, Principal Security Consultant at Bishop Fox, and Nate Robb, Senior Operator at Bishop Fox, discuss two distinct ways (zero-knowledge & assumed-breach perspectives) to proactively identify, understand, and mitigate the most impactful vulnerabilities lurking in your cloud environment.

Penetrating the Cloud: Uncovering Unknown Vulnerabilities

For an increasing number of organizations, the explosion in attack surfaces has reached unmanageable levels amid the widespread adoption of cloud services. In fact, 79% of companies have experienced at least one cloud data breach in the last 18 months, often due to unknown vulnerabilities.

One of the key challenges in the unprecedented growth in cloud infrastructure is understanding which vulnerabilities and misconfigurations are the most exploitable and impactful. While many organizations spend a lot of time fixing the issues they can easily identify with tools, tools have limitations and often do not operate in the same vein as a hacker. Uniquely, an offensive security approach offers the ability to identify the type of attack paths that a malicious attacker will actually take and, therefore, better prepare against.

This session offers two distinct ways (zero-knowledge & assumed-breach perspectives) to proactively identify, understand, and mitigate the most impactful vulnerabilities lurking in your cloud environment.

Seth Art, Principal Security Consultant at Bishop Fox, and Nate Robb, Senior Operator at Bishop Fox, discuss:

• How hackers can gain access to cloud environments (even when they aren’t targeting them)

• The methodology of exploiting cloud vulnerabilities through cloud penetration testing with an assumed breach mindset

• Actual Bishop Fox findings and real-world examples from both viewpoints

• Actionable key takeaways and recommendations to implement today

Learn more about Bishop Fox's Cloud Penetration Testing Services


Seth art

About the author, Seth Art

Principal Security Consultant

Seth Art (OSCP) is a Principal Security Consultant at Bishop Fox, where he currently focuses on penetration testing cloud environments, Kubernetes clusters, and traditional internal networks.

Seth is the author of multiple open-source projects including IAM Vulnerable, Bad Pods, celeryStalk, and PyCodeInjection, has presented at security conferences, including DerbyCon and BSidesDC, published multiple CVEs, and is the founder of IthacaSec, a security meetup in upstate NY.

More by Seth

Nate Robb

About the author, Nate Robb

Operator

Nate Robb is a Security Associate at Bishop Fox, where he works as an Operator for Cosmos (formerly CAST). Prior to coming to Bishop Fox, he held roles as a security consultant and spent time as a full-time bug bounty hunter, where he worked to secure Fortune 500 companies, state and Federal Agencies, and small and medium-sized businesses

More by Nate

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.