fwd:cloudsec 2023

Lior Zatlavi

Lior Zatlavi has over 15 years of experience in cyber security, having spent most of that time working as a security architect, product manager and developer for the Israeli government. Lior served in an elite cyber security unit of the IDF (retired Major), after which he worked in a cyber security division of Israel’s Prime Minister’s Office.
After leaving the public sector, Lior worked as an independent consultant specializing in cloud security and identity management.
Lior holds a B.Sc. in Applied Mathematics from Bar-Ilan University (cum laude) and an M.Sc. in Electrical Engineering from Tel Aviv University.


Session

06-12
09:50
20min
IMDS: The Gatekeeper to Your Cloud Castles (And How to Keep the Dragons Out)
Liv Matan, Lior Zatlavi

Most of us know IMDS as a tool for seamlessly maintaining and supplying credentials for applications running on instances to access resources in cloud environments. However, a deep understanding of IMDS implementations across cloud providers is what separates the security novices from the advanced practitioners - and can be crucial for the security of your cloud environment.

During this talk we’ll take a deep dive into the protections offered by different cloud service providers for the IMDS used by computing instances, and how they have evolved over time. We’ll demonstrate how these mechanisms could mean the difference between a critical and non-critical vulnerability, through the story of a real-life vulnerability we found in a leading cloud provider. We’ll talk about the customer’s part of the shared responsibility model in this context - and how that must evolve as well.

We’ll demonstrate how vulnerable software may be leveraged by an attacker to gain access to credentials and talk about the kind of compensating controls which may be used to mitigate this risk.

Inside & Outside
Salon C