2026-06-02 –, Room 1
As organizations scale their cloud presence, the complexity of data movement grows exponentially. Modern cloud architectures rely on a "configure and forget" approach for streaming sensitive data. But what if the trust established at the moment of configuration is static, while the cloud environment itself is dynamic?
This session introduces a novel data hijacking technique targeting a systematic architectural flaw present across multiple major cloud providers. Our research reveals a critical decoupling between service configurations and resource ownership verification. We have identified an attack technique where high-value data streams continue to honor original routing instructions even when the destination environment undergoes fundamental changes in ownership or state.
By analyzing multiple services across different cloud ecosystems, we show that this isn't a localized bug, but a shared architectural blind spot in how cloud providers handle resource identity, making this attack technique relevant for multiple services and multiple cloud providers.
Attendees will gain insight into how fundamental architectural design choices made by cloud providers directly influence the security boundaries of their environments. A key takeaway is that while cloud platforms are often viewed as distinct ecosystems, their shared design decisions allow identical attack techniques to be applied across providers, turning a specific architectural observation into a cross-cloud exploitation methodology.
Yahav Festinger is a Cloud Security Researcher at Palo Alto Networks. As a key member of the Cloud Detection and Response (CDR) team, their work focuses on identifying novel attack vectors and tracking adversaries in real-time. Their career in security began at the national center for encryption and information security in the IDF, where they focused on web and cloud research, building a strong foundation in offensive and defensive security principles. With this background, Yahav combines rigorous technical analysis with a data-driven approach to identify attackers effectively.