Slide 51
Slide 51 text
In closing
▪ As we started with and if it’s evident now, the most common theme is the misconfiguration of
services, insecure programming and permissions that should not have been
▪ Reconnaissance and OSINT is the key for a lot of cloud services and applications. When
attacking apps and servers, it is important to identify key DNS, whois, IP history and sub-domain
information
▪ Post exploitation has no limits with the cloud. You can attack additional services, disrupt
logging, make code changes to attack users – Your imagination (and the agreement with your
client) is the limit ☺
▪ There are a ton of tools that security folks have written on GitHub and a lot of work is being
done in the attack and exploitation areas.
▪ The key to learning to attack is to Setup > Break > Learn > Repeat