Identifying Toxic Combinations of Permissions in Your Cloud Infrastructure

Pragti Chauhan


Cloud platforms like AWS, Azure, and Google Cloud allow many types and combinations of permissions to be granted to accomplish various tasks. One of the most important things to consider here is identifying toxic combinations of permissions. If these exist, attackers can take advantage of them in various ways to execute their attacks.

This video is presented by Michael Raggo. He has over 20 years of experience in security research and is currently focussing on cloud security. He actively presents at various security conferences including Black Hat, DEF CON, RSA, OWASP, HackCon, and SANS. He has authored the books “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding”. His research work has been highlighted on television and in a number of media publications. He has also been awarded the Pentagon’s Certificate of Appreciation.

What to expect from this video

The following topics are covered in this video:

  1. Introduction - What to look for in your cloud infrastructure
  2. The state of cloud security which has led to breaches
  3. Cloud Infrastructure Cyber Kill Chain
  4. A walkthrough of recent breaches
  5. Top permission risks and key findings from AWS, Azure, and Google Cloud
  6. What can be done to identify toxic combinations of permissions
  7. Examples of Anomalous Behaviour
  8. Mitigation strategies
  9. Cloud permissions activities hygiene


Key Takeaways

Planning and conducting regular pentesting and security assessments is a good way to understand the security posture of your cloud infrastructure. Another great way is to study how breaches really occur, which shows more clearly how to protect that infrastructure.

This video introduces you to the Cyber Kill Chain for cloud infrastructure and helps you understand what to look for to identify anomalies in your infrastructure. Excessive permissions in cloud accounts can significantly increase the attack surface. The speaker also shares some very interesting real-world examples of top permission risks and some key findings across the major cloud platforms like AWS, Azure, and Google Cloud, to show where the most prominent risks are found. The second half of the presentation covers what to look out for and what can be done to mitigate the toxic permission combinations that may be lurking in the cloud infrastructure.

This video is part of the tech talks presented at Cloud Village. Cloud Village is an open space dedicated to people interested in cloud security, and it conducts various activities like talks, workshops, CTFs, and discussions around cloud.
