Offensive Cloud Security Workshop

The workshop is tailored towards individuals who have some experience with “the Cloud” and are seeking to improve their proficiency at assessing the security of cloud-hosted applications and infrastructures.

While security awareness and collective experience regarding the Cloud have been steadily improving, one common difficulty is applying theoretical knowledge to real-life scenarios. The workshop’s goal is to help attendees bridge this gap by understanding how conventional technologies integrate with Cloud solutions. Attendees will experience first-hand how security vectors that exist in such ecosystems present opportunities for compromise.

The workshop will include:

  • Introduction to the Cloud
    • Overview of AWS, Azure & GCP
    • Differences, similarities and important characteristics
  • Overview of security in the [multi-]Cloud
    • Identity and Access Management (IAM), Metadata Services and Credentials
    • Networking and firewalls
  • Scenarios
    • GCP – Leveraging CI/CD systems to gain a foothold into Cloud environments
      • Attendees will gain a foothold into a CI/CD environment, and leverage this initial compromise to access a number of cloud environments.
    • AWS – Lateral movement and privilege escalation
      • This scenario will have attendees move laterally to gain access to additional sensitive resources not accessible through the initial compromise.
    • Azure – Compromising Azure Applications
      • This scenario will introduce attendees to Azure's implementation of programmatic identities, and highlight how design choices present an opportunity for abuse.

The scenarios are based on NCC Group's research, incident response experience and on the knowledge acquired through countless cloud assessments carried out every year.

Participants should bring:

Attendees will be provided access to instances with all the required tooling. All they need is an SSH client to access the instances.

Participants must know or have:

Attendees should have some experience with a major Cloud provider (AWS, Azure, GCP), and be proficient at assessing the security of applications and infrastructures (not necessarily cloud-hosted).