Scott Weston
Scott is a Labs Researcher at NetSPI. He has performed work in the past regarding open source tooling for AWS as well as GCP. He has spoken at past conferences including fwd:cloudsec and the Defcon Cloud Village. He has published a tool called gcpwn for GCP enumeration and pentesting. He is originally from the Southern California area and is currently working out of Minnesota. In his spare time he enjoys soccer/basketball, or pursuing interesting research-oriented tasks in cloud-based technologies.
Session
Oracle Cloud Infrastructure has some really interesting IAM quirks compared to AWS and GCP. Its sentence-style policies, tenancy and compartment hierarchy, and identity domain model can make it harder to quickly understand who has access to what — and where privilege escalation paths may exist. To help tackle this, I built a suite of OCI security tools, including an ANTLR-based IAM policy parser (oci-lexer-parser), a Burp Suite request-signing plugin (OCISigner), and an enumeration and graphing framework (OCInferno).
This lightning talk is a quick tour of OCInferno, an open-source OCI reconnaissance framework that uses OpenGraph for BloodHound-style attack path analysis. I’m sure everyone has heard of IMDS abuse, leaked creds, and the usual cloud attack path greatest hits. Instead of making one of those the focus, I’ll cover OCI-specific identity domain concepts, how they fit into attack path graphing, and how OCI can introduce movement patterns that do not always map cleanly to AWS or GCP.