Cloud service providers (CSPs) offer immense and ever-growing functionality. While this greatly benefits organizations and their business, it also generates a much broader attack-surface compared to traditional application security research.

In this session, we share the methodologies and internally developed strategy we used to successfully uncover multiple critical vulnerabilities and design issues in the core of major CSPs. Covering the whole research process - from choosing a target to exploiting a remote code execution vulnerability on a managed service, we will explain how we found issues that affected thousands of cloud customers and organizations.

We will dive into the bits and bytes of some of our major findings (ChaosDB, OMIGOD, AWS confused deputy vulnerabilities, ExtraReplica and more), explain our mindset and approach and discuss common pitfalls to avoid performing a security audit of a target. Attendees should expect to better understand the fundamentals behind real-world cloud security exploits and gain practical tools to enhance their own independent cloud security research.