
There are too many awesome talks at Hacker Summer Camp to pick from, and as much as we would all like to watch them all, we each have topics we are passionate about. For us, you guessed it: it's the Cloud Security ones.
This list is not complete. We have tried to keep to Cloud Security talks only, otherwise the list would get rather long, and we will continue to add to it as you keep telling us which ones we shouldn't miss and which ones you loved.
In no particular order…
Black Hat USA – Cloud Security Practitioners Briefings
Black Hat bundles Cloud & Platform Security together (possibly because they don't get a lot of talks in each of these topics, considering Cloud Security research as a field is only a few years old). Overall there were not a lot of Cloud-related talks: 3 directly about Cloud and 8 indirectly. I've listed the talks here:
- AAD Joined Machines – The New Lateral Movement – Mor Rubin
- IAM The One Who Knocks – Igal Gofman & Noam Dahan
  - Beware of non-human identities
  - Some CSP defaults are an attacker's best friends
  - Logging is important and better than it has been before, but it has limits which we must be aware of and should contextualize. Logging allows for better permission building.
  - Shared list of AWS IAM tooling:
    - Policy Sentry – Kinnaird McQuade
    - iamlive – Ian McKay
    - CloudTracker – Scott Piper
    - Repokid – Netflix
    - IAMSpy – Nick Jones and Mohit Gupta
    - PMapper – Erik Steringer
    - Cloudsplaining – Kinnaird McQuade
- Backdooring and Hijacking Azure AD Accounts by Abusing External Identities – Dirk-jan Mollema
- Kubernetes Privilege Escalation: Container Escape == Cluster Admin? – Yuval Avrahami & Shaul Ben Hai
- Pwning Cloud Vendors with Untraditional PostgreSQL Vulnerabilities – Shir Tamari & Nir Ohfeld
Those working in adjacent spaces (supply chain, containers, serverless, AppSec, etc.) would appreciate the following talks too:
- In Need of ‘Pair’ Review: Vulnerable Code Contributions by GitHub Copilot, Hammond Pearce, Benjamin Tan, Brendan Dolan-Gavitt, Baleegh Ahmad
- Controlling the Source: Abusing Source Code Management Systems, Brett Hawkins
- RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise, Iain Smart, Viktor Gazdag
Defcon
- Taking a Dump In The Cloud – Melvin “Flangvik” Langvik
Cloud Village – clearly calls out to us
- Security at Every Step: The TL;DR on Securing Your AWS Code Pipeline – Cassandra Young – Alexandre Sieira
- Purple Teaming & Adversary Emulation in the Cloud with Stratus Red Team – Christophe Tafani-Dereeper
- Understanding, Abusing and Monitoring AWS AppStream 2.0 – Rodrigo Montoro
- Shopping for Vulnerabilities – How Cloud Service Provider Marketplaces can Help White and Black Hat Vulnerability Research – Alexandre Sieira
- Who Contains the ‘Serverless’ Containers? – Daniel Prizmant
- Deescalate the overly-permissive IAM – Jay Chen – shared recent research on 18,000 production cloud accounts across AWS and Azure, which showed that 99% of the cloud identities were overly permissive. CSP-managed policies were granted 2.5 times more permissions than customer-managed policies.
But there are some great cloud security talks happening at these villages too (and maybe others we don't know about yet, so let us know).
- AppSec Village
  - Cloud Security and IAM for Devs and DevOps – How can IAM be exploited and how to minimize the risks, David Hendri
  - The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack, Elad Rapoport, Tzachi (Zack) Zorenshtain
- Red Team Village
  - Container and Kubernetes Offense, Michael Mitchell
- Recon Village
  - New Frontiers in GitHub Secret Snatching, Tillson Galloway
- Blue Team Village
  - Cloud Security Panel
  - A Tale of Two Malware Families – Overcoming Anti-Forensics and Foiling Botnets in the Cloud – Matt Muir – spoke about how attacks are increasing in both severity and sophistication, while defenders haven't adapted at the same pace. Adversary groups possess an increased awareness of incident response techniques and cloud security mechanisms, which are being leveraged in attacks. He covered 2 cloud-focused malware campaigns where attackers evaded detection and foiled attribution with sophisticated methodologies.
  - Climbing the Production Mountain: Practical CI/CD Attacks Using CI/CD Goat – Omer Gil, Asaf Greenholts
  - CICD security: A new eldorado (talk) – Remi Escourrou, Xavier Gerondeau, Gauthier Sebaux – spoke about the rise of attacks targeting CI/CD environments. The CI/CD pipeline is becoming part of standard infrastructure, and with the increased adoption of Infrastructure as Code it is also becoming an attack surface for supply chain attacks.
  - Adding DAST to CI/CD, Without Losing Any Friends – Tanya Janca, Akira Brand
  - Code Dependency: Chinese APTs in Software Supply Chain Attacks – Cheryl Biswas – you cannot talk about supply chain security without mentioning open source dependencies, third-party code, open source libraries and shared repositories. There was a nod to this, and attention was drawn to the fact that while Russian APTs have garnered much attention, Chinese APTs have been the force behind more attacks than people may realize, targeting the technology sector for economic espionage and intellectual property theft.
  - How to Win Over Executives and Hack the Board – Alyssa Miller
  - Lessons Learned from the CISA COVID Task Force & Healthcare Attacks – Kendra L Martin, Michelle Holko
  - Prowler Open Source Cloud Security: A Deep Dive Workshop – Toni De la Fuente, Sergio Garcia
  - Speeding Up AWS IAM Least Privileges with Cloudsplaining, Elastic Stack & AWS Access Analyzer – Rodrigo Montoro
  - Understanding, Abusing and Monitoring AWS AppStream 2.0 – Rodrigo Montoro – spoke about how, in the cloud security world, access keys are the new perimeter and permissions become the limits of this perimeter. IAM with least privilege defines the security posture in an AWS account, and one tool which helps with this is Cloudsplaining.