SnowGoat: Exposing Hidden Security Risks and Leaking Data Like a Threat Actor

Presented at DEF CON 33 (2025), Aug. 8, 2025, 9 a.m. (240 minutes).

Join us for an engaging and interactive workshop where we delve into the hidden risks within your configurations in Snowflake. This intermediate-level session is designed to provide hands-on experience with vulnerable and misconfigured environments, utilizing plug-and-play Terraform scripts and your free-tier Snowflake and AWS accounts. Attendees will explore the UNC5337 data-theft and extortion campaign, and other common Snowflake misconfigurations and risks through a fun and interactive "Capture The Flag" (CTF) style attack scenario, with the main objective of leaking sensitive data from Snowflake. Key Topics: -Snowflake as a data-lake service and common security pitfalls. -UNC5337 Data-Theft and Extortion Campaign: Gain insights into real-world cyber threats and how they operate. -Solve problems and bypass misconfigured security mechanisms. -Learn about data-related risks that could lead to a data breach. Technical Level: Intermediate Learning Outcomes: By the end of this workshop, attendees will: -Understand best practices for securing configurations in Snowflake. -Gain practical experience in identifying and mitigating unsecured configurations. -Gain knowledge to handle real-world cyber threats effectively.

Presenters:

• Lior Adar - Cloud Security Researcher at Varonis
  Lior is a senior security researcher at Varonis and a passionate security enthusiast with a broad background in red team operations, penetration testing, incident response, and advanced security research. With experience at Palo Alto Networks and Team8, Lior has enhanced his expertise in cybersecurity research across multiple domains, including various cloud providers and SaaS platforms. Known for contributing to the LOLBAS project, he specializes in evaluating emerging threats and analyzing data signals, combining a hands-on approach with a deep understanding of attacker perspective.
• Chen Levy Ben Aroy - Cloud Security Research Team Lead at Varonis
  Chen Levy Ben Aroy is a distinguished cybersecurity leader with a proven track record in cloud security, penetration testing, and red teaming. As a Cloud Security Research Team Lead at Varonis, Chen spearheads cutting-edge security research and innovation across multiple cloud-providers and platforms. His previous roles at well-known enterprises, such as Prosche Digital and ABInbev, showcased his expertise in advanced malware development and strategic project management. With a robust background in a wide array of cybersecurity domains, Chen's visionary approach and technical acumen make him a sought-after expert in the industry.