Cloud infrastructure security is an oft-neglected topic when businesses invest in securing their web apps. Ensuring that a once-secured environment remains secure is even more challenging. In our presentation, we’ll demonstrate common types of attacks against cloud infrastructure, taking the example of AWS. We show how scarily easy it is to attack misconfigured services such as AWS Security Groups, databases, S3 buckets and Network ACLs. After our demonstration of the exploits, we'll discuss techniques for automated scanning of various AWS services and resources.
Presented at Security Fest 2022.
Speakers: Krishnaa Srinivasa, Maithri NadigKrishnaa is a security intern at Deep Armor. She is skilled in cloud security topics, and has extensively researched threats against modern cloud platforms (especially AWS). She enjoys Python and JavaScript programming, and can whip up a fully functioning React app in an afternoon. Krishnaa and Maithri Nadig are the technical leaders of the cloud infrastructure security project at Deep Armor. While she's not hacking away, Krishnaa enjoys reading, meditating and volunteering to teach science to underprivileged children.
Maithri is a security intern at Deep Armor. She has strong expertise in web application and cloud security. Maithri not only enjoys writing code (python and JS), but also hacking web apps (Burp Suite for the win!). Maithri, along with Krishnaa Srinivasa, are the technical leaders of the cloud infrastructure security project at Deep Armor. She recently presented her work at the Wicked6 virtual security summit. Outside of work, Maithri enjoys exploring new places and is keen to acquire more knowledge on food science.