cloudvillage
10 articles tagged with #cloudvillage
Attacking Modern Environments Series: Attack Vectors on Terraform Environments
Terraform is a popular IAC orchestrator that is widely used for standardising and executing infrastructure deployments, but since it has privileges on the cloud platforms, Mazin Ahmed shares why it is important to understand which attack vectors exist, and what can be done about them.
Cloud Security Orienteering
A presentation on how one can quickly get familiar with new cloud environments and accelerate the process of identifying security issues and addressing them.
Identifying Toxic Combinations of Permissions in Your Cloud Infrastructure
Excessive permissions in cloud accounts can significantly increase the attack surface. It is important to understand what permissions are assigned to various users, groups, roles, service accounts versus what permissions they actually need.
Exploiting the O365 Duo 2FA Misconfiguration
An interesting talk on understanding the O365 Duo 2FA misconfiguration and how it can be detected and remediated.
Detection Challenges in Cloud Connected Credential Abuse Attacks
Blurring of traditional perimeters with the emergence of cloud has led to rise of new threats. This talk by Rod Soto takes us through some of the attack scenarios and how defenders can implement detection to address these new threats.
Attack Vectors for APIs Using AWS API Gateway Lambda Authorizers
On AWS, Lambda Authorizers are frequently used with API Gateway, however, one must be careful when working with the policy documents for Lambda Authorizers. This tech talk by Alexandre & Leonardo takes you through interesting examples to showcase the attack vectors for APIs using the AWS API Gateway Lambda Authorizers.
Shift Left Using Cloud: Implementing baseline security into your deployment lifecycle
Implementing the principle of Shift Left in terms of security into your deployment lifecycle can help in finding and fixing vulnerabilities in the early stages making it more efficient to address security issues.
Hunting for AWS Exposed Resources
Misconfigured cloud services exposed to the internet is a very common security issue. This video talks about how exposed AWS resources can be discovered and some interesting insights from the speaker Felipe Pr0teus indicating the importance of securing your cloud resources.
AWS cloud attack vectors and security controls
An insightful presentation by Kavisha Seth on understanding and identifying different attack vectors on AWS and learning about various security controls that can be implemented.
Understanding common Google Cloud misconfigurations using GCP Goat
A hands-on introduction and walkthrough of GCP Goat - an intentionally vulnerable GCP environment to help understand common misconfigurations in Google Cloud and how attackers can take advantage of it.