BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesluxembourg-2026//speaker//QX9JKL
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-ABKXN7@pretalx.com
DTSTART;TZID=CET:20260507T141000
DTEND;TZID=CET:20260507T145000
DESCRIPTION:As organizations migrate to the cloud\, threat actors' exfiltra
 tion tactics and techniques evolved and targeted the architectural boundar
 ies of cloud service models (SaaS\, PaaS\, IaaS). Each service model prese
 nts different exfiltration options as the responsibility shifts between cl
 oud providers and customers\, creating distinct attack surfaces that threa
 t actors use for exfiltration.\n\nDrawing on hundreds of real-world cases 
 from CrowdStrike incident response and threat hunting\, this talk moves pa
 st the theory to showcase exfiltration techniques that catch even seasoned
  defenders off guard. We'll dive into:\n\n- SaaS Stealth: Abusing Microsof
 t 365 via third-party apps and silently exfiltrating DocuSign documents us
 ing sync functionality.\n- The PaaS Pivot: How ETL platforms could be misu
 sed for exfiltration.\n- IaaS Tactics: Infrastructure tampering and cross-
 cloud data transfers. \n\nThis session is designed for the defender who ha
 s the cloud basics covered but wants to know what they might be missing. A
 ttendees will leave with a clear understanding of these evolved exfiltrati
 on paths and most importantly required telemetry and detection ideas.
DTSTAMP:20260412T012038Z
LOCATION:Workshops and Stage - Design Space (C1.05.12)
SUMMARY:In The Wild Cloud Exfiltration Paths You Might Not Expect - Tomas K
 abrt
URL:https://pretalx.com/bsidesluxembourg-2026/talk/ABKXN7/
END:VEVENT
END:VCALENDAR