Conference:  Defcon 31
Authors: Sam Quinn (Sr. Security Researcher, Trellix Advanced Research Center), Jesse Chick (Security Researcher, Trellix Advanced Research Center)
2023-08-01

Our current administration lists "Defend Critical Infrastructure" as the #1 item in the 2023 National Cybersecurity Strategy. At the intersection of governmental and corporate concerns is data center security, a trend that is bound to continue as more and more operations move to the cloud. This talk details our findings in the domain of power management, the first category in a broader effort to investigate the security of critical data center components. We will reveal nine vulnerabilities in two integral data center appliances: a Power Distribution Unit (PDU) and a Data Center Infrastructure Management (DCIM) system. Continuing, we will delve into the technical details of the most impactful vulnerabilities and highlight the potential impact on their respective operations. The talk will challenge the misconception that data centers are inherently more secure than on-prem by exposing how attackers could leverage these vulnerabilities. This presentation will be valuable to data center professionals, security researchers, and anyone interested in understanding the characteristic vulnerabilities associated with modern data centers.
Conference:  Black Hat Asia 2023
Authors: Yoav Alon, Tzah Pahima, Yanir Tsarimi
2023-05-12

Cloud is the new operating system of the internet – almost all companies use the cloud to host workloads and data. While there are many talks about how to configure and maintain secure public cloud environments, there's little security research into the core cloud infrastructure, and vulnerabilities in core services could have a big impact on customers. This is the story of how our research led to two major discoveries, crossing tenant boundaries in two services in the biggest cloud vendors. We researched two data integration services, where our exploits allowed us to obtain credentials to other customer accounts and run code on remote machines. We're here to discuss new types of cloud provider service vulnerabilities, the anatomy, the implications - how simple vulnerabilities can lead to great impact, and yet how it still is beneficial to be a cloud customer.
Authors: Guillaume Sauvage de Saint Marc
2023-04-20

tldr - powered by Generative AI

OpenClarity is an open source suite that aims to address the entire cloud security and application security stack, and to make it practical and usable for developers, cloud architects, and security teams alike.
  • Security is key for modern apps
  • Application security needs to be approached across the entire stack and software supply chain
  • Scanners are essential but need to be deployed and orchestrated at scale
  • Good dashboards and UI are necessary to convey a clear and convincing picture of application security posture
  • OpenClarity is an open source suite that aims to address the entire cloud security and application security stack
  • VMClarity is a new project that offers agentless VM scanning at scale
  • More open source tools are needed to address the totality of the application security picture
Authors: Maya Levine
2023-04-19

tldr - powered by Generative AI

Cloud breaches are becoming more sophisticated and attackers are learning about cloud-native tools and services. Real-time monitoring and trusted sources for images are critical for cloud security. Supply chain compromises and blind trust in dependencies are also major concerns.
  • Real-time monitoring is critical for detecting malicious activity using secrets
  • Malicious images can be planted in public repositories and trusted sources should be used
  • DDoS attacks are increasing and containers are being used to crowdsource participation
  • Supply chain compromises and blind trust in dependencies can lead to major security issues
  • Attackers are becoming more knowledgeable about cloud-native tools and services
  • Crypto mining attacks are low effort and high reward, and their scale is expected to increase
Authors: Paul Schwarzenberger
2023-02-15

tldr - powered by Generative AI

The presentation discusses the implementation of a serverless architecture for continuous compliance in a large organization's AWS accounts using Lambda functions and other AWS services.
  • The organization has multiple AWS accounts for different purposes and teams
  • The Lambda function assumes a role into the organization management account and triggers a step function to orchestrate Lambda functions for each AWS account
  • Each Lambda function queries Route 53 records and writes to a DynamoDB database and SNS topic for notifications
  • The architecture is designed to be low cost, low operational overhead, and continuous
  • The use of serverless services allows for scalability and ease of maintenance
Authors: Barun Acharya
2022-10-26

tldr - powered by Generative AI

KubeArmor is a cloud native runtime security enforcement system that provides fine-grained access control on container entities, with a declarative way to manage policies for access control, inline policy enforcement, and telemetry data with context.
  • KubeArmor provides fine-grained access control on container entities
  • KubeArmor offers a declarative way to manage policies for access control
  • KubeArmor has inline policy enforcement
  • KubeArmor provides telemetry data with context
Authors: Jeremy Colvin
2022-10-24

tldr - powered by Generative AI

The importance of securing developer laptops in the CI/CD pipeline to prevent security gaps and correlate data across the pipeline.
  • Developer laptops are a high-value asset and a potential entry point for attackers to access cloud infrastructure and data.
  • Real-time device integrity checks are necessary for zero-trust access.
  • Auditing for vulnerable software packages and malicious Chrome extensions is crucial.
  • Tying together identity and GitHub activity on the laptop with CI/CD actions can help detect and protect against malicious behavior.
  • Correlating data across the CI/CD pipeline is essential to prevent security gaps and enable effective security measures.
Authors: Shane Lawrence
2022-05-19

tldr - powered by Generative AI

The presentation discusses the importance of securing software supply chains and the techniques that Shopify has learned in protecting millions of businesses. The talk highlights the challenges of software supply chain attacks and the need for collaboration in addressing the issue.
  • Recent compromises of Codecov and SolarWinds have put a spotlight on software supply chain attacks.
  • The talk shares lessons that Shopify has learned in protecting millions of businesses and demonstrates these techniques using open source software.
  • Traditional defensive techniques can be applied in the cloud.
  • Voucher and Grafeas implementations can give you control over the software that runs in your clusters.
  • The SLSA framework can guide you toward establishing trust in your software.
  • Falco can be used to detect malicious behaviour or indicators that your supply chain has been compromised.
  • Specific techniques for mitigating supply chain attacks include scanning or reviewing the code, using static analysis, and looking at the reputation and response to previous incidents of the maintainers.
  • We can expect more from our suppliers by asking for receipts, an SBOM, and what your software is made of.
Authors: Kavisha Sheth
2021-09-24

Kavisha is a Security Analyst by profession. She is a cloud security and machine learning enthusiast who dabbles in application and API security and is passionate about helping customers secure their IT assets. She spends time finding vulnerabilities and doing research on them. She has been recognized by the Government of India for helping them secure their websites. She has also been listed among the top security researchers of the nation in a recent newsletter of NCIIPC RVDP. She believes in giving back to the community and frequently finds audiences to talk to. She is also a cybersecurity speaker and loves to share her views on various infosec threads. She has spoken at various security events around the world, including Defcon Cloud Village, OWASP Bay Area, OWASP Sofia, Null Bangalore, BSides Noida, Infosec Girls, and so on.