Name: It's all in the Cloud: Red Teaming GCP (Google Cloud Platform)
Start: 2019-02-22T16:00:00-0800
End: 2019-02-22T16:30:00-0800

Back To Schedule

It's all in the Cloud: Red Teaming GCP (Google Cloud Platform)

Feedback form is now closed.

Cloud services are frequently misconfigured due to their rapid adoption and engineers not fully understanding the security ramifications of different configurations, which can frequently enable red teams to gain, expand, and persist access within Google Cloud Platform (GCP) environments. In this talk we will dive into how GCP services are commonly breached (e.g. SSRF vulnerabilities, discovering insecure cloud storage), and then show how attackers are expanding access within Docker & Kubernetes (K8s) environments (e.g. CVEs, insecure daemons). Finally we will demonstrate some unique techniques for persisting access within GCP environments for prolonged periods of time!

Speakers

Bryce Kunz

Bryce Kunz (@TweekFawkes) loves researching and red teaming bleeding edge IT services. Bryce is currently the Chief Hacker & President at Stage2Sec.com where he released various open source tools (e.g. soMeta, lolrusLove, yupPhrasing, etc…) and has contributed several modules to... Read More →

Friday February 22, 2019 4:00pm - 4:30pm PST
Clipper Peak

Track 2

BSidesSLC

Bryce Kunz

Attendees (31)

BSidesSLC

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Bryce Kunz

Attendees (31)