Hiding in the Clouds - Leveraging Cloud Infrastructure to Evade Detection

Presented at RVAsec 2018, June 7, 2018, 3 p.m. (50 minutes).

Organizational spending on cybersecurity is at an all-time high. From an attacker’s perspective, this means that target networks are becoming increasingly hostile environments to operate in. This has pushed attackers to look for new ways to diminish a defenders ability to identify their activity. The introduction of cloud providers and their associated content delivery networks have provided ample ways to attack and communicate with attack infrastructure while piggy-backing on the cloud provider’s infrastructure and reputation. Techniques and tactics such as domain fronting for multiple cloud providers, distributed scanning, and leveraging API gateways will be discussed.  Also, more nuanced aspects these cloud services will be explored as they sometimes provide many benefits to an attacker’s infrastructure, including encryption. Most importantly, mitigations for these techniques will provided so that defenders can go about better protecting their network.

Presenters:

  • Mike Hodges - Optiv
    Mike Hodges is a senior consultant for the Optiv Attack and Penetration Practice. He has a background in application development and is currently OSCP, Assoc CISSP, and CEH certified. He is currently interested in evasive penetration tactics and techniques and is constantly looking to build new ways to automate attacker evasion.

Links:

Similar Presentations: