Embark on a journey into cloud vulnerabilities with this conference talk that uncovers silent threats in Azure's Machine Learning as a Service platform. Explore five critical vulnerabilities discovered across three broad classes of security issues in Azure ML. Learn about insecure logging of sensitive information, including five instances of credential leakage in cleartext on Compute Instances. Discover how exposed APIs in cloud middleware can lead to sensitive information disclosure, potentially enabling lateral movement for network-adjacent attackers. Gain insights into various analysis techniques used to assess managed services like Azure ML, and understand the complexities of the shared responsibility model for cloud security. Delve into the implications of these findings for companies building AI/ML systems and services similar to ChatGPT.
Uncovering Azure's Silent Threats - A Journey Into Cloud Vulnerabilities
Overview
Syllabus
Uncovering Azure'S Silent Threats: A Journey Into Cloud Vulnerabilities by Nitesh Surana
Taught by
nullcon
Related Courses
-
Uncovering Azure's Silent Threats - A Journey into Cloud Vulnerabilities
-
Breaking ML Services: Finding Zero-Days in Azure Machine Learning
-
All Your Cloud Are Belong To Us – Hunting Compromise in Azure
-
Pwning Cloud Vendors with Untraditional PostgreSQL Vulnerabilities
-
Breaking Managed Data Services in the Cloud
-
Migrate Securely from On Prem to Azure Cloud
