Hacking the Cloud: Simulating a Misconfiguration Exploit

Session Description

"Cloud misconfiguration can empower attackers with the ability to do real damage to your organization. They use automation to find vulnerabilities and gain access to cloud environments, and then leverage overly-permissive resource configurations to discover resources, move laterally, and extract data—often without detection.

Unfortunately, these cloud vulnerabilities are extremely common in enterprise cloud environments—and they often don’t break compliance rules, and security teams won’t likely recognize them as vulnerabilities.

In this session, Josh Stella, co-founder and CTO of Fugue, conducts a live simulation of one such attack to demonstrate how hackers leverage your cloud services against you—so you can effectively guard against such attacks.

Specifically, Josh will demonstrate:

How bad actors think about attacking cloud environments by exploiting common misconfigurations

How to assess the security posture of your cloud environment, with a focus on critical IAM vulnerabilities

How to approach cloud security holistically from development through CI/CD to the cloud runtime "