Attacking and Defending Infrastructure with Terraform: How we got admin across cloud environments

Presented at BSidesSF 2022 Rescheduled, June 5, 2022, 3:30 p.m. (50 minutes).

In this talk we'll demonstrate how to attack Terraform Enterprise and Terraform Cloud to exfiltrate secrets and deploy malicious applications and infrastructure into production cloud environments undetected. Then we'll show you how we worked with HashiCorp to best mitigate it.

Presenters:

• Mike Ruth - Brex
  Mike is a Staff Security Engineer at Brex, where he helps in securing one of the world’s best Financial Technology platforms. Previously the technical lead for Infrastructure Security at Cruise, Mike has over a decade of experience securing, designing, and deploying cloud infrastructure and enterprise storage systems.
• Francisco Oca - Robinhood
  Francisco Oca is an Offensive Security Engineer at Robinhood. He has been in infosec for more than a decade, working on security tools development, pentesting, malware analysis, vulnerability research and red teaming. He co-authored Ponce, winner of the 2016 HexRays IDA Pro Plug-In contest.

Links:

• https://bsidessf2022.sched.com/event/rjqo/attacking-and-defending-infrastructure-with-terraform-how-we-got-admin-across-cloud-environments

Similar Presentations:

• ToorCon: Seattle (Beta) (2007) / Anycast Cloud Bursting
• DEF CON 30 (2022) / Cloud Threat Actors: No longer cryptojacking for fun and profit
• Kernelcon 2023 / Infrastructure as Remote Code Execution: How to abuse Terraform to elevate access