Authors: Jenko Hwong
2022-11-18

Supply chain identity attacks are not new, for example the Golden SAML attack (CyberArk, 11/2017), which used stolen certificates to spoof SAML responses. Recently, new POC identity attacks have been published such as gaining access to a Facebook account that uses Gmail as the identity provider via OAuth 2.0 (Sammouda, 5/2022), utilizing the chaining of traditional web vulnerabilities such as XSS with the design of the OAuth protocol in order to steal OAuth session tokens. These new attacks pose new challenges for security operations: remotely-enabled attacks by design without need for endpoint compromise, near-permanent access, no need to go through MFA challenges, and incomplete controls for security operations in preventing, detecting, and responding to these attacks. This presentation looks underneath the hood at these more recent attacks that are combining attacks against peculiarities in today's ubiquitous OAuth 2.0 protocol along with traditional web vulnerabilities. We will cover how these attacks work, what's different about them, how OAuth 2.0 is used and abused, and how we must incorporate new controls specific to the protocols involved in order to defend against these attacks. We'll look at what controls or measures are provided by identity vendors such as Microsoft and Google and popular SaaS apps, and look at the cost-benefit of implementing your own controls. This presentation will focus on hands-on demos to illustrate the new attacks as well as efficacy of defensive measures. Slides will focus on security architectures and flows to convey fundamental concepts. Any useful tools or demonstrations will be made available in an open-source repository under 3-Clause BSD licensing.

Authors: John-Paul Robinson, Camille Rodriguez
2022-10-27

tldr - powered by Generative AI

The presentation discusses the use of Kubernetes (K8s) in research computing, particularly in machine learning operations (mlOps) workflows. The speaker highlights the need for a K8s platform to handle the environmental configuration and workflow integration required by mlOps. The presentation also touches on the challenges of managing different CUDA versions and the need for generous resource provisioning to handle large models in containers.
  • Kubernetes is being used in research computing, particularly in mlOps workflows
  • A K8s platform is needed to handle the environmental configuration and workflow integration required by mlOps
  • Managing different CUDA versions can be challenging
  • Generous resource provisioning is needed to handle large models in containers