Hacking the Hybrid Cloud

Presented at DEF CON 28 (2020) Virtual, Aug. 6, 2020, 12:30 p.m. (30 minutes)

Most companies have moved into the cloud and on-premises applications and systems remain. This configuration is reasonably referred to as "hybrid"; in the cloud and not at the same time. Hybrid cloud requires integration and communication between the remaining on-prem infrastructure and the new(er) cloud services. This talk describes several scenarios that appear to subvert typical security and protections which involve federation configuration, Identity Access Management (IAM), and interaction between SaaS and IaaS in the Microsoft Cloud.

Presenters:

  • Sean Metcalf - CTO, Trimarc
    Sean Metcalf is founder and CTO at Trimarc (www.TrimarcSecurity.com), a professional services company which focuses on improving enterprise security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a Microsoft MVP, and has presented on Active Directory & Microsoft Cloud attack and defense at security conferences such as Black Hat, BSides, DEF CON, and DerbyCon. He currently provides security consulting services to customers and posts interesting Active Directory security information on his blog, ADSecurity.org. @Pyrotek3

Links:

Similar Presentations: