From being trainers at BlackHat to sponsoring at the conference. A bit about our journey in brief.Read More
The idea for the talk came when I was building CTF challenges for CloudVillage at DefCon this year. The idea was to create challenges in cloud platforms, other than the big 3, which would not only get the folks playing all riled up, but those who love to go the extra mile would figure out solutions reading the documentation and by poking around. It was then that I realised how little has been written about attacking IBM Cloud.
The talk is mostly me attempting to make sense of the documentation, poking around to see what the services do and see what parts could be attacked. The research is still ongoing and given that there is not a lot you can present in the 20 minutes during the conference, we have created a repository of things that everyone could add to.
The GitHub repo is at - https://github.com/Kloudle/pentesting-ibm-cloud
Here are all the slides from the fwd:cloudsec 2021 conference presented virtually on 14th September 2021
This post will be updated with a rundown of the slides and the video recording when it becomes available from the conference organisers.
A list of talks in the Cloud Security and Platform domain that we have added to our must watch list of talks as the sheer number of sessions at the Black Hat briefings can be overwhelming!Read More
An authentication bypass within Apache Airflow allowed an attacker to login as any user in the Airflow system. Post exploitation within the app, led to a full cloud account compromise on AWS.Read More
We help you monitor and prevent any data breaches.Let's Talk