Presented at BSidesCT 2020
In light of the increasing adoption of cloud computing, there have has been broad coverage of the compromise of customer environments in the cloud. In both popular and technical literature however, there has been a focus on the most egregious, simplest breaches (i.e open S3 buckets). However, deeper analysis shows a much broader variety of tactics currently exploited by attackers and researchers to compromise cloud environments.
This talk will, with a focus on AWS, discuss over a dozen different public breaches. We'll walk through the technical details of these attacks, establish the common root causes, look at lessons learned, and establish how you can proactively secure your environment against these real world risks.