Josh Stella CTO @ Fugue LinkedIn: https://www.linkedin.com/in/josh-stella-949a9711/ Cloud security is a software engineering problem⁠ - not a traditional security problem. This talk will demonstrate an advanced cloud misconfiguration exploit to understand how to protect against such attacks using architecture best practices. The cloud changed the way hackers operate: Rather than targeting an organization and then searching for vulnerabilities to exploit, they now use automation to scan the internet looking for cloud misconfigurations to exploit, and then use IAM like a network to move laterally, find data, and extract it. We’ve graduated from simple misconfiguration mistakes to techniques bad actors are using today to breach data out from under the most advanced cloud security teams⁠—often without detection. Josh Stella, CTO of Fugue, will walk through a live demonstration of how hackers take advantage of common⁠ but overlooked cloud misconfigurations to gain access to environments, jump from account to account, discover resources to target, and exfil sensitive data. This session will be performed live in the terminal and the AWS console, and will cover advanced topics that primarily focus on AWS IAM (Identity and Access Management) service misconfigurations. While focused on AWS, the concepts are readily applicable to other cloud platforms such as Microsoft Azure and Google Cloud Platform. — 🥇 Gold Sponsor: LightStep 🥈 Silver Sponsor: MayaData — 0:00 Intro 0:19 Talk — Website 🚀🪐 https://www.conf42.com Reach out 📧📭 mark@conf42.com Conf42 Discord 🧑‍🤝‍🧑💬 https://discord.com/invite/dT6ZsFJ5ZM LinkedIn 👨‍💼💼 https://www.linkedin.com/company/49110720/ Twitter 🎵🐦https://twitter.com/conf42com Conf42Cast @ Spotify 🎧 https://tinyurl.com/bnyj6a8y