2025-08-04 –, Tuscany
In an era where digital transformation has integrated multi-cloud environments into the core of business operations, security demands have escalated exponentially. This talk, "Machine Identity & Attack Path: The Danger of Misconfigurations," addresses the pressing challenges and threats within these diverse cloud setups. Attendees will deepen their understanding of how attackers exploit vulnerabilities stemming from misconfigured security measures and inadequately managed machine identities.
The presentation focuses on the intricate dynamics of attack vectors, surfaces, and paths, providing actionable insights to reinforce cloud infrastructures. With a spotlight on innovative open-source tools such as SecBridge, Cartography, and AWSPX, participants will discover how to map environments effectively, visualize IAM permissions, and enhance security tool integrations for robust cloud operations.
This session caters to cybersecurity professionals, cloud architects, and IT managers seeking knowledge and strategies to protect digital assets amidst a complex multi-cloud landscape. Join us to explore cutting-edge solutions and safeguard your organization against the evolving security needs of contemporary cloud ecosystems.
In today’s rapidly advancing digital environment, securing multi-cloud infrastructures has become more crucial than ever. "Machine Identity & Attack Path: The Danger of Misconfigurations" addresses the complexities and emerging threats inherent in managing multi-cloud setups. This talk will equip attendees with comprehensive insights into how attackers leverage vulnerabilities caused by misconfigured security protocols and the improper handling of machine identities.
The session begins by laying out fundamental concepts such as machine identity, attack vectors, surfaces, and paths, clarifying how each element contributes to potential security breaches. Participants will gain a thorough understanding of attack paths, crucial for tracking potential attack routes within cloud environments.
Leveraging graph-based visualization tools, like SecBridge, Cartography, and AWSPX, this presentation will demonstrate how to map complex environments and visualize access permissions effectively. This approach not only aids in understanding potential vulnerabilities but also strengthens security postures across different cloud platforms.
The discussion extends to cloud-specific attacks, identifying typical vulnerabilities within AWS, OCI, GCP, and Azure. Attendees will be guided through mitigation strategies using best practices and the latest open-source tools to secure multi-cloud architectures effectively.
This talk is vital for cybersecurity professionals, cloud architects, and IT managers aiming to safeguard their organizations' digital assets. Explore innovative strategies to address the critical security needs of today’s multi-cloud ecosystems and ensure robust defense mechanisms in these dynamic environments.
I’ve been working as Head of Identity Threat Labs and Global Product Advocate at Segura, Red Team Village Director, Founder at Black&White Technology, Cybersecurity Advocate, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA - Middle-East - and others, I’ve served as University Professor in Graduation and MBA courses at Brazilian colleges, in addition, I'm Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).