IAM The One Who Knocks

Presented at Black Hat USA 2022, Aug. 10, 2022, 11:20 a.m. (40 minutes)

As organizations start their cloud journey, many are looking at leveraging multi-cloud for their infrastructure. Although this gives teams great flexibility in building their environments, each service provider has a unique paradigm for configuring and managing resources, identities, and access permissions. For enterprises, multi-cloud environments make enforcing least-privileged access challenging, requiring new rules and permissions that are unique to each cloud environment. Implementing the least privilege model is much more difficult in the public cloud than on-premises.

This talk presents the hidden risks of managing identities and access in a multi-cloud environment. We will expose access flaws and misconfigurations that attackers can easily abuse to gain access to confidential and sensitive information. We will discuss the inner workings of each cloud provider's Identity and Access Management (IAM) layer and highlight the differences between each cloud service. We then detail how inconsistent entitlements across cloud resources and services can lead to unintended access, and how accountability confusion in the shared responsibility model can enable privilege escalation.

We finish with our insights on using free, open-source tools that can significantly reduce the attack surface in an enterprise cloud environment and present our "Access Undenied" open-source tool, which helps administrators tackle AccessDenied events (live demo).

We close our talk by supplying actionable steps anyone can follow, providing a cheat-sheet comparison for the three primary cloud services: AWS, Azure, and GCP.
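The AccessDenied workflow the abstract refers to, shown as an added example (not the Access Undenied tool's code and not from the talk): take CloudTrail records for denied API calls, pull the principal, action, and resource out of the denial message, and draft the narrowest IAM statement that would have allowed the call. The three denied records and the one successful record are constructed for this example; the "User: ... is not authorized to perform: ... on resource: ..." message shape is the one AWS emits for identity-based policy denials, while EC2's opaque "You are not authorized to perform this operation." message is handled by inferring the action from `eventSource` and `eventName`. Anything it cannot pin to an ARN is emitted with `Resource: "*"` and flagged for human review rather than silently granted.

```python
"""Draft a least-privilege IAM policy from CloudTrail AccessDenied records.

Added illustration only; not the Access Undenied tool and not the talk's code.
Sample records below are constructed for this example.
"""
import json
import re

# Constructed CloudTrail records (not captured from a real account).
SAMPLE_EVENTS = [
    {   # Standard denial message: principal, action and resource are all present.
        "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
        "errorCode": "AccessDenied",
        "errorMessage": (
            "User: arn:aws:iam::123456789012:user/alice is not authorized to perform: "
            's3:GetObject on resource: "arn:aws:s3:::reports-bucket/q3.csv" '
            "because no identity-based policy allows the s3:GetObject action"
        ),
    },
    {   # Same shape from an assumed role; resource ARN is unquoted here.
        "eventSource": "secretsmanager.amazonaws.com", "eventName": "GetSecretValue",
        "errorCode": "AccessDeniedException",
        "errorMessage": (
            "User: arn:aws:sts::123456789012:assumed-role/deploy/i-0abc is not authorized "
            "to perform: secretsmanager:GetSecretValue on resource: "
            "arn:aws:secretsmanager:us-east-1:123456789012:secret:db-pass-AbCdEf "
            "because no identity-based policy allows the secretsmanager:GetSecretValue action"
        ),
    },
    {   # EC2 gives an opaque message, so the action has to be inferred.
        "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
        "errorCode": "Client.UnauthorizedOperation",
        "errorMessage": "You are not authorized to perform this operation.",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
    },
    {   # Successful call: no errorCode, must be ignored.
        "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
    },
]

DENIED_ERROR_CODES = {"AccessDenied", "AccessDeniedException", "Client.UnauthorizedOperation"}

DENY_MESSAGE_RE = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: (?P<action>[\w-]+:[\w*-]+)"
    r'(?: on resource: "?(?P<resource>[^\s"]+)"?)?'
)


def parse_access_denied(record):
    """Return {principal, action, resource, inferred} for a denied call, else None."""
    if record.get("errorCode") not in DENIED_ERROR_CODES:
        return None
    m = DENY_MESSAGE_RE.search(record.get("errorMessage", ""))
    if m:
        return {"principal": m["principal"], "action": m["action"],
                "resource": m["resource"], "inferred": False}
    # Opaque message: derive "<service>:<ApiName>" from eventSource and eventName.
    service = record["eventSource"].split(".")[0]
    return {"principal": record.get("userIdentity", {}).get("arn"),
            "action": f"{service}:{record['eventName']}",
            "resource": None, "inferred": True}


def build_policy(records):
    """Return (policy document, review notes) with one Allow per distinct action/resource."""
    statements, review, seen = [], [], set()
    for rec in records:
        denied = parse_access_denied(rec)
        if denied is None:
            continue
        resource = denied["resource"] or "*"
        if (denied["action"], resource) in seen:
            continue
        seen.add((denied["action"], resource))
        statements.append({"Effect": "Allow", "Action": [denied["action"]],
                           "Resource": [resource]})
        if resource == "*":
            # "*" is only correct for actions with no resource type; narrow it otherwise.
            review.append(f"{denied['action']}: no ARN in the event"
                          f"{' (action inferred)' if denied['inferred'] else ''}; "
                          "narrow Resource if the action supports resource-level permissions")
    return {"Version": "2012-10-17", "Statement": statements}, review


if __name__ == "__main__":
    policy, notes = build_policy(SAMPLE_EVENTS)
    print(json.dumps(policy, indent=2))
    for note in notes:
        print("REVIEW:", note)
```

The design choice worth copying is the review list: a denial that cannot be tied to a specific ARN is the point where an administrator is most tempted to paste in `"Resource": "*"` and move on, which is exactly how the inconsistent, over-broad entitlements the talk describes accumulate.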

Presenters:

  • Noam Dahan - Research Lead, Ermetic
    Noam Dahan is a Senior Security Researcher at Ermetic with several years of experience in embedded security. He is a graduate of the Talpiot program at the Israel Defense Forces and spent several years in the 8200 Intelligence Corps. While this is his first time speaking at Black Hat, it is not his first time in front of a crowd. Noam was a competitive debater and is a former World Debating Champion.
  • Igal Gofman - Head of Security Research, Ermetic
    Igal Gofman is Head of Security Research at Ermetic. Igal has a proven track record in cloud security, network security, research-oriented development, and threat intelligence. His research interests include cloud security, operating systems, and Active Directory. Prior to Ermetic, Igal worked at Microsoft, XM Cyber, and Check Point Software Technologies. Igal has spoken at various leading security conferences, including Black Hat and DEF CON.
