Cloud security for the network security engineer, or why it’s all just so wrong these days.

Presented at CactusCon 12 (2024), Feb. 16, 2024, 3 p.m. (60 minutes).

This talk will be an introductory explanation of the philosophical differences between traditional, on-premises network security and cloud security, complete with a live cloud account compromise. It is directed at both the home hacker who wants to configure a cloud lab and the experienced network security engineer who just found out their company signed an agreement with AWS. We start on the defensive side of the equation, describing how cloud computing and the shared responsibility model fundamentally change how you can think about network security. Or, more directly: how do you model security when your threat has the same access you have? In answer to that question I pivot to root user hygiene and proper support preparedness. From there, we turn to the offensive side. I consider the traditional path of privilege escalation, persistence and pivoting, and then contrast it with the cloud version, which often allows you to pivot directly from an application vulnerability to control plane (hypervisor) access. Finally, because slides are boring, there will be a live demonstration of compromising a cloud application followed by a pivot to direct access to what are supposedly private storage buckets.

Presenters:

  • Ben From KC - Security and Platform Engineer for Recon InfoSec; Cat herder for SecKC
    My official title is Security and Platform Engineer at Recon InfoSec, where I work to keep the lights all blinking in the right order. I have some certifications (CISSP, CCSK, AWS Certified Specialty - Security) which indicate I’m able to test pretty well. What gives me perspective on cloud topics is that over a 26-year history of working in various IT and security roles, I’ve managed to split my time almost exactly between infrastructure and development. This experience gives me a lot of context for understanding not only cloud architecture, but the people who work on it, defend it, and break it. I’ve also done a bit of work with the fine folks from SecKC, and you might see me hanging around online as BenFromKC.