You do not want to miss these talks at Black Hat USA!
With over 100 talks at Blackhat USA, it's difficult to choose the right sessions. Here is a curated list of talks around Cloud & Platform Security. If for you, like for us, breaking, monitoring and securing the cloud gives an adrenaline rush, this is the perfect list to start with. See you at Blackhat USA.
It's that time of the year, where like the last several years, we would have landed and would be checking into either the Mandalay Bay or the iconic Luxor next door in all the anticipation of a week full of some badass hacking, technical conversations and loads of fun! Alas, the pandemic has had other plans, so this year as well, we will be at Black Hat virtually.
Kloudle is one of the virtual sponsors at Black Hat USA this year. We have setup a booth for your folks to come hang out at, see what we are building in the cloud security monitoring and auto remediation space, see a demo of the product, talk to us about your cloud security problems and grab some swag on the way out!
This year the conference is running from July 31 to August 5 and is both in person and virtual. Black Hat started with several virtual training programs running from July 31st to August 3rd with the in-person (and virtual) briefings scheduled on August 4th and 5th. It's a fun conference to begin with and the endless post training and evening parties add a whole different charm to how we experience the conference.
There are over a 100 talks at the briefings running in parallel across multiple physical rooms and as virtual talks. This is a problem every year that I experience where it is difficult to attend all the talks that I would want to. This year as well, focusing our interests to Cloud & Platform Security, we have curated a list of talks that we would not want to miss at Black Hat! If you are like us breaking, monitoring and securing the cloud gives you the adrenaline rush, this list is for you!
Don't miss these talks
A New Class of DNS Vulnerabilities Affecting Many DNS-as-Service Platforms | Wednesday, August 4 | 10:20 AM - 11:00 AM ( Virtual ) & 1:30 PM - 2:10 PM ( Lagoon Hi )
This is going to be an interesting talk especially given that the attack vector is an implementation of DNS. DNS as a Service via services like Route53 in AWS are attacker favorites but going by the description that the talk has it appears that Shir Tamari and Ami Luttwak were able to setup rogue DNS servers and capture lookup requests coming over the Internet. It will be interesting to see what the exact attack was and what the mitigations would like for organisations. DNS is often overlooked when securing infra and this could be one of those talks that creates more discussion around DNS implementation security.
Breaking the Isolation: Cross-Account AWS Vulnerabilities | Wednesday, August 4 | 11:20 AM - 12:00 PM ( Virtual ) & 3:20 PM - 4:00 PM ( Lagoon FL )
A lot of assumptions are going to be broken in this talk. Cross account vulnerabilities in cloud providers can exist because the permission model and access is controlled and implemented by policies either via the ones that you have written or managed policies provided by the cloud platform.
From the description, it appears that the researchers, Shir Tamari and Ami Luttwak found policy mis-configurations that caused the AWS API to interact with services and resources across accounts simply because the policy was implemented insecurely. The talk will also highlight a very important observation that I have made in the past about how it is difficult to track vulnerabilities in the cloud especially when there is no CVE or are not tracked by organisations like NIST which results in customers remaining vulnerable simply because the vulnerable version of the policy receives a version update (the policy itself is not overwritten but an updated version is provided) and the onus of using the latest and greatest secure version of the policy lies with the customer. Can't wait to see this one.
Bridging Security Infrastructure Between the Data Center and AWS Lambda | Thursday, August 5 | 10:20 AM - 11:00 AM ( Virtual ) & Wednesday, August 4 | 3:20 PM - 4:00 PM ( South Seas CD )
This one is heavy on architecture and design but will be an excellent insight into how enterprises who are gradually moving to the cloud but need access to a lot of their Data Centre resources face unique challenges and how custom engineering a solution with both cloud and data centre resources is the key while the transition is occurring. Michael and the folks at Square will talk about how they constructed a workload identity in AWS Lambda to bridge the absence of trusted authentication to exist in both the environments.
Lots of learning through this talk, especially for folks in security engineering who may be in the same phase of transformation as the good folks at Square.
HTTP/2: The Sequel is Always Worse | Thursday, August 5 | 1:30 PM - 2:10 PM ( Virtual )
James Kettle never disappoints with the whacky research he produces in the web security space. This one is no different. Building on his research into desync attacks, this time focussing on HTTP/2, James promises to showcase weaknesses in implementation and RFC imperfections of HTTP/2 across AWS Load Balancer, WAF's and other tech stacks out there.
James uses a lot of real world examples and shows how the weaknesses that he uncovers can actually be used to perform wide scale attacks and exploitation. This one's going to be houseful and I'm secretly glad this is virtual only!
We are at Black Hat too!
Kloudle will also be running an on-demand virtual sponsor session titled "Master Multi Cloud Security with Visibility and Automated Response" on Wednesday, August 4 at 8:00 AM. Stop by our virtual booth on Swapcard and talk to us about what challenges you face with the security of your cloud. We have some awesome swag to give away and there's a chance you could take home an Apple watch too!
ABOUT THE AUTHOR
Riyaz is a security evangelist, offensive security expert and researcher with over a decade of experience in the cyber security industry. His passion to break into some of the most well defended networks and systems in his career spanning 15 years has earned him a lot respect within the security industry. He has led Security Assessment and Penetration Testing teams at Pricewaterhouse Coopers (PwC) and Appsecco, and the Product Security Team at Citrix before co-founding Kloudle. Riyaz now specializes in cloud native, container and cloud security in general, helping build an easy to use security management platform to help companies enhance their visibility in the cloud, identify security misconfigurations and automate remediation for security gaps enabling compliance and operational security in multi-cloud environments. He is also an avid speaker and trainer and presents his research and findings at security conferences and community meetups around the world including BlackHat USA, BH Europe, BH Asia, nullcon and OWASP AppsecUSA.Specialties: Cloud (AWS, GCP, Azure, IBM, Others) Security, Cloud-Native Security, Kubernetes, Container Security, Web Application Security, Network and System Penetration Testing, Wireless Network Security, Malware Analysis and Reverse Engineering, Threat Modelling, Windows Forensics, Security Code Review, Vulnerability Research, Exploit Development and Reverse Engineering. Certifications: CKA, CKAD, OSCP
Enjoyed this read?
Subscribe to our newsletter and stay ahead with more great insights and resources on cloud security!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.