Loading…
Attending this event?
Friday, February 14 • 9:30am - 9:55am
PRO SESSION: Hacking the Cloud: Simulating Advanced Cloud Misconfiguration Exploits

Sign up or log in to save this to your schedule and see who's attending!

The cloud changed the way hackers operate: Rather than targeting an organization and then searching for vulnerabilities to exploit, they now use automation to scan the internet looking for cloud misconfigurations to exploit, and then use IAM like a network to move laterally, find data, and extract it. We’ve graduated from simple misconfiguration mistakes to techniques bad actors are using today to breach data out from under the most advanced cloud security teams⁠—often without detection.

Josh Stella, CTO of Fugue, and Ricardo Green, Senior Solutions Architect at Fugue, will walk through a live demonstration of how hackers take advantage of common⁠ but overlooked cloud misconfigurations to gain access to environments, jump from account to account, discover resources to target, and exfil sensitive data.

This session will be performed live in the terminal and the AWS console, and will cover advanced topics that primarily focus on AWS IAM (Identity and Access Management) service misconfigurations. While focused on AWS, the concepts are readily applicable to other cloud platforms such as Microsoft Azure and Google Cloud Platform.

At each step of the way, they’ll talk in detail about why these misconfigurations happen in every day cloud operations, how they’re taking advantage of them, and how these attacks can be prevented.

DeveloperWeek Speakers
avatar for Josh Stella

Josh Stella

Cofounder and CTO, Fugue
Josh Stella is co-founder and CTO of Fugue, the company delivering autonomous cloud infrastructure security and compliance. Previously, Josh was a Principal Solutions Architect at Amazon Web Services (AWS), where he supported customers in the area of national security. Prior to Fugue... Read More →


Friday February 14, 2020 9:30am - 9:55am
DeveloperWeek PRO Stage D (Room 208)
Feedback form isn't open yet.