Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

From Keyless to Careless - Abusing Misconfigured OIDC Authentication in Cloud Environments

BSidesLV via YouTube

Overview

Explore the security risks associated with misconfigured OpenID Connect (OIDC) authentication in cloud environments in this 17-minute conference talk from BSidesLV. Delve into the concept of "keyless authentication" supported by major cloud providers like AWS, Azure, and Google Cloud, and understand its popularity in CI/CD pipelines. Discover how easily misconfigured AWS IAM roles using keyless authentication can be exploited by unauthenticated attackers to retrieve cloud credentials and compromise entire environments. Learn from real-world examples, including a case study involving the UK government's AWS account. Gain insights on identifying vulnerable roles in your own environment and implementing higher-level guardrails to prevent human errors from escalating into data breaches. Presented by Christophe Tafani-Dereeper, this talk offers valuable knowledge for cloud security professionals and developers working with OIDC authentication.

Syllabus

Breaking Ground, Wed, Aug 7, 20:00 - Wed, Aug 7, CDT

Taught by

BSidesLV

Reviews

Start your review of From Keyless to Careless - Abusing Misconfigured OIDC Authentication in Cloud Environments

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.