Exploitation and automated detection of threats to modern cloud infrastructure

Cloud infrastructure security is an oft-neglected topic when businesses invest in securing their web apps. Ensuring that a once-secured environment remains secure is even more challenging. In our presentation, we’ll demonstrate common types of attacks against cloud infrastructure, taking the example of AWS. We show how scarily easy it is to attack misconfigured services such as AWS Security Groups, databases, S3 buckets and Network ACLs. After our demonstration of the exploits, we'll discuss techniques for automated scanning of various AWS services and resources.

Presented at Security Fest 2022.

Speakers: Krishnaa Srinivasa, Maithri Nadig
 
Get all relevant information and news regarding Security Fest, when we release recordings of talks, etc.