In cloud environments, applications and cloud infrastructure often overlap in ways that attackers can exploit. This talk demonstrates specific techniques attackers use to escalate application vulnerabilities into cloud compromises. We will show how attackers leverage stolen credentials and privileged access, and provide practical strategies to defend against these threats.
Talk
Code to Cloud: Exploiting Modern Web Applications to Breach Cloud Environments
March 13, 13:30 (CLOUD)
Speaker

Christophe Tafani-Dereeper
Christophe lives in Switzerland and works on cloud security research and open source at Datadog. He previously worked as a software developer, penetration tester and cloud security engineer. Christophe is the maintainer of several open-source projects such as Stratus Red Team, GuardDog, CloudFlair, Adaz, and the Managed Kubernetes Auditing Toolkit (MKAT).