Security Bsides Las Vegas 2024

Cloud Attack: Dissecting Attack Paths with Graph-Mode
2024-08-07, Tuscany

Exploring attack paths across AWS, Azure, and GCP. Learn to dissect misconfigurations through graph-mode visualization, map potential attack paths, and implement practical mitigation using open-source tools. Elevate your defense strategy and fortify cloud environments against evolving threats.


A practical demonstration of how attackers can use misconfigurations based on IAM permissions across major cloud platforms, including AWS, Azure, and GCP.

Attendees will gain insight into the challenges posed by misconfigurations within these cloud environments. Using graph-mode visualization, we will dissect and map potential attack paths arising from misconfigurations, providing a visual narrative of the complex relationships at play. Open-source tools backed by a neo4j/Memgraph database will be used to explain some possible attacks through Cypher queries.

The heart of the discussion will be practical mitigation approaches tailored to each cloud platform, building a holistic defense strategy with open-source and free tools that help organizations improve their security posture. Real-world examples and case studies will illustrate the impact of misconfigurations and how a proactive approach, guided by graph-mode visualization, can significantly enhance security.

By the end of the presentation, participants will be well-equipped to navigate the nuanced landscape of misconfigurations in AWS, Azure, and GCP. This knowledge will empower cloud security professionals to implement effective mitigation strategies, fortifying their cloud environments against evolving cyber threats across diverse platforms.

During this talk, I intended to cover this:
- Difference between Attack Vector and Attack Path - 3 min
- What is HVT in the Cloud - 3 min
- Cloud Providers IAM - 3 min
  - AWS
  - Azure
  - GCP
- Attack Methods (Demo) - 10 min
  - CreatePolicyVersion - AWS
  - Attaching Attack - Azure
  - Inline Attack - GCP
- Cross-platform attack view - Graph-Mode - 5 min
- Demo - Explanation of how to use open-source tools - 10 min
  - Collecting identities using Cartography and Starbase
  - DB - neo4j / Memgraph
- Demo - Mitigation - 8 min
  - Show the visibility of identity in Graph-mode
- Next Research - 3 min
  - Attack Path based on Identities Tools and other Clouds
- Conclusions

I’ve been working as a Security and Threat Researcher and Cybersecurity Advocate at senhasegura, Founder at Black&White Technology, Cybersecurity Advocate, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at security and new technology events in many countries such as the US, Canada, France, Spain, Germany, Poland, and others. I’ve served as University Professor in Graduation and MBA courses at Brazilian colleges. In addition, I'm the Creator and Instructor of the courses Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers (PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).