The Oracle Awakens: Demystifying Privilege Escalation in the cloud
2024-06-17 , Breakout 2

In this talk, we explore privilege escalation mechanisms and paths within Oracle Cloud. Privilege escalation, the process by which an attacker gains elevated access and permissions beyond those intended by the cloud administrator, poses a significant threat in cloud environments and can significantly aid an attacker or pentester.

Our discussion will focus on identifying privilege escalation paths, understanding how cloud administrators can misconfigure policies, and the methods attackers can use to exploit these vulnerabilities. Through carefully designed scenarios and real-world examples, attendees will learn to recognize signs of privilege escalation, thereby enhancing their security posture.

Felipe Espósito also known as Pr0teus, graduated in Information Technology at UNICAMP and has a master's degree in Systems and Computing Engineering from COPPE-UFRJ, both among the top technology universities in Brazil. He has over ten years of experience in information security and IT, with an emphasis on security monitoring, networking, data visualization, threat hunting, and Cloud Security. Over the last years he has worked as a Security Researcher for Tenchi Security, a Startup focused in third-party risk managemnet, he also presented at respected conferences such as Hackers 2 Hackers Conference, BHACK, BSides (Las Vegas and São Paulo), FISL, Latinoware, SecTor, SANS SIEM Summit, and Defcon's CloudSec and Recon Village.

Information security professional that has done a little bit of everything, but is now focused on Cloud Security at Tenchi. Visit my blog! https://pomba.net