Who Watches the Watchmen? Stealing Credentials from Policy-as-Code Engines and Beyond
fwd:cloudsec via YouTube
Overview
Explore a 24-minute conference talk from fwd:cloudsec Europe 2024 that examines the security risks of policy-as-code engines and Infrastructure-as-Code (IaC) domain-specific languages. Learn how attackers can abuse policy languages and IaC DSLs such as Open Policy Agent (OPA) Rego and Terraform HCL to compromise cloud identities, move laterally, and exfiltrate sensitive data. Discover novel malicious techniques, including DNS tunneling from within a DSL, and examine the results of scans performed on the public Terraform registry to assess the current level of threat. Gain valuable insights into detection rules and best practices for defending against these weaknesses. Senior Security Researcher Shelly Raban, drawing on her extensive background in cybersecurity, threat hunting, and cloud security research at Tenable, presents findings from this investigation into the security implications of running arbitrary policies on the policy engines that govern modern cloud applications and Kubernetes platforms.
Syllabus
Who Watches the Watchmen? Stealing Credentials from Policy-as-Code Engines […] ~ Shelly Raban
Taught by
fwd:cloudsec