Hacking the Cloud(s)
The three-step penetration testing process for running Nmap, then Nessus and finally Metasploit is well documented and understood these days. And apart from the million subtleties that come with pen-testing a new target, the normal procedures and tools are pen-testing work quite well. Hacking systems and services hosted in the cloud however presents a whole new set of methodologies and challenges.
This talk will cover how hacking cloud hosted systems can be both similar to traditional networks, as well as new and different in many aspects. Some parts of cloud computing are no different than "running code on someone else's computer". But many aspects of cloud providers represent new challenges and concerns for security. This talk will cover some high-level security testing techniques for cloud hosted systems and services, and will also go into specifics for Azure, AWS, and Google Cloud Platform. These techniques can also be used from a defensive perspective to help secure any systems hosted in these environments.
Wesley Wineberg is a member of the Azure Red Team at Microsoft (Azure is the Microsoft cloud). Prior to Microsoft, Wes has had various security roles, covering everything from web apps to SCADA systems. Known for being an expert on Bug Bounty ethics, Wes also enjoys black box analysis, pen testing, software, firmware and hardware reverse engineering.