2021-06-12, 10:00–10:45, Track 2
Technical walkthroughs of common cloud application and environment vulnerabilities. Demonstrations of vulnerable systems in a cloud, how attackers exploit them, and preventative recommendations.
Common Cloud Vulnerabilities with Walkthroughs
Technical walkthroughs will include vulnerabilities such as:
SSRF (Server-side Request Forgery) - Impacts such as metadata URL leaks and internal VPC network scanning
Insecure object storage - Why this is still an issue and newer mitigating controls today
API key theft and backdoors to watch out for - How a backdoor is installed and what to look for in a compromised account
IAM permission pitfalls - Mistakes made in customer-responsibility policies that permit unexpected actions
Supply chain (e.g. third-party library) dependency exploits
Working examples of these vulnerabilities will be demoed along with recommendations on preventative measures.
https://www.rodneybeede.com/curriculum%20vitae/bio.html