We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
SAINTCON 2023 - Bryce Kunz - Cloud Red Teaming
Learn how Cloud Red Teaming detects vulnerabilities in cloud infrastructure by simulating an attacker's perspective, identifying misconfigured cloud services and vulnerable resources, and exploiting them using a redirector and CloudFormation templates.
- Red teaming is a way to identify vulnerabilities in cloud infrastructure by simulating an attacker’s perspective.
- Enumerating S3 buckets and identifying vulnerable resources is a common technique.
- Misconfigured cloud services, such as S3 buckets without valid bucket names, can be exploited.
- CloudFormation templates can be used to deploy malicious applications.
- Using a redirector to forward requests to an S3 bucket can bypass security controls.
- Cloud service providers often have APIs that can be used to authenticate and access resources.
- Domain Fronting can be used to route requests to an attacker-controlled server.
- Two-factor authentication can be bypassed using stolen credentials.
- Red teaming can help identify vulnerable resources and misconfigured cloud services.
- Ultraviolet is a combination of the red teaming methodology and the cloud provider’s infrastructure.
- Cloud red teaming can be used to identify vulnerabilities in a cloud environment.
- Penetration testing can be used to identify vulnerabilities in a cloud environment.
- Red teaming can help identify misconfigured cloud services and vulnerable resources.
- Using a CloudFormation template to deploy a malicious application can bypass security controls.
- CloudFormation templates can be used to deploy malicious applications without triggering security alerts.
- Misconfigured cloud services can be exploited using a redirector and a CloudFormation template.
- Red teaming can be used to identify vulnerabilities in a cloud environment before an attacker can exploit them.