Overview
Syllabus
Intro
Kill Chains and ATT&CK'S
Objectives
Common sources of credential exposure
Static API Credential Exposure to Account Hijack
Compromised Server via Exposed SSH/RDP/Remote Access
Compromised Database via Inadvertent Exposure
RSAConference2020
Object Storage Public Data Exposure (53, Azure Blob)
Oops, my bad...
Server Side Request Forgery - Credential Abuse
Demo
Cryptomining
Network Attack
Compromised Secrets (Instance/VM)
Novel Cloud Data Exposure and Exfiltration
Subdomain Takeover
Non-Killchain Related Issues
Contributing Factors
Apply
Taught by
RSA Conference