Jay Chen
Jay Chen is a Cloud Security Researcher with Prisma Cloud and Unit 42 at Palo Alto Networks. He has extensive research experience in cloud security. In his role at Palo Alto Networks, he focuses on investigating the vulnerabilities, design flaws, and adversarial TTPs in cloud-native technologies such as containers and public cloud services. He works to develop methodologies for identifying and remediating security gaps in public clouds and works to protect Prisma Cloud customers from threats.
In previous roles, he has researched mobile cloud security and distributed storage security, and Blockchain. Jay has authored 25+ academic and industrial papers.
Session
VMs are among the most frequently deployed resources in every cloud environment. While VMs may not be the most novel cloud technology today, they continue to host many vital cloud workloads. Their widespread use also makes them a prime target for attackers. If a VM is compromised, attackers could exfiltrate sensitive data, hijack computational resources, and obtain the cloud permissions granted to the VM.
This talk will dissect and compare various techniques that attackers may employ to take control over VM instances in AWS, Azure, and GCP. These techniques, mostly relying on the cloud APIs, abuse legitimate cloud features to facilitate malicious activities. For example, updating startup scripts, executing scripts via cloud agents, and pushing SSH keys. If attackers manage to obtain the necessary permissions, they could gain access to a target VM without even needing the VM's login credentials.
We will delve into the specific conditions and configurations across different cloud platforms that could make these techniques possible. Attendees will gain a new perspective of these cloud features and learn the strategies for identifying and mitigating the risks. Join us to explore, brainstorm, and safeguard VM's attack surface.