Cloud Offensive Breach and Risk Assessment (COBRA)

Presented at DEF CON 32 (2024), Aug. 9, 2024, 10 a.m. (105 minutes).

Cloud Offensive Breach and Risk Assessment (COBRA) is an open-source tool designed to empower users to simulate attacks within multi-cloud environments, offering a comprehensive evaluation of security controls. By automating the testing of various threat vectors including external and insider threats, lateral movement, and data exfiltration, CNBAS enables organizations to gain insights into their security posture vulnerabilities. CNBAS is designed to conduct simulated attacks to assess an organization's ability to detect and respond to security threats effectively.

Presenters:

• Anand Tiwari
  Anand Tiwari is an information security professional with a strong technical background working as a Product Manager (PM), focusing on the more technical aspects of a cloud security product. He tries to fill it in by doing in-depth technical research and competitive analysis, given business issues, strategy, and a deep understanding of what the product should do and how the products actually work. He has authored ArcherySec—an open source-tool and has presented at BlackHat, DEF CON USA, and HITB conferences. He has successfully given workshops at many conferences such as DevOpsDays Istanbul, Boston.
• Harsha Koushik
  Harsha Koushik is a security engineer and researcher, passionate about securing digital systems. Specializing in Cloud-Native Application Platform Protection (CNAPP), tackling emerging cyber threats while working at large scales. Additionally, Harsha hosts the security podcast 'Kernel-Space,' exploring insightful discussions on the latest trends and issues in cybersecurity.

Similar Presentations:

• ToorCon San Diego 17 (2015) / Cloud Insider Threats
• BSidesDC 2016 / Users and Cloud Collide: Understanding Threat Vectors in the Enterprise Cloud Environment
• RVAsec 2019 / Risk Assessment - The Heart of Risk-based Security