Cloud infrastructure security is an oft-neglected topic when businesses invest in securing their web apps. Ensuring that a once-secured environment remains secure is even more challenging. In our presentation, we’ll demonstrate common types of attacks against cloud infrastructure, taking the example of AWS. We show how scarily easy it is to attack misconfigured services such as AWS Security Groups, databases, S3 buckets and Network ACLs. After our demonstration of the exploits, we'll discuss techniques for automated scanning of various AWS services and resources.
Presented at Security Fest 2022.Speakers: Krishnaa Srinivasa, Maithri Nadig
Maithri is a security intern at Deep Armor. She has strong expertise in web application and cloud security. Maithri not only enjoys writing code (python and JS), but also hacking web apps (Burp Suite for the win!). Maithri, along with Krishnaa Srinivasa, are the technical leaders of the cloud infrastructure security project at Deep Armor. She recently presented her work at the Wicked6 virtual security summit. Outside of work, Maithri enjoys exploring new places and is keen to acquire more knowledge on food science.