The Dark Side of DevOps

The cloud security landscape is rapidly changing. Cloud security platforms are being adopted across all industries at a rapid pace and are often used in CI/CD development pipelines that store highly sensitive data. We will demonstrate how finding secrets stored in CI/CD pipelines can establish a foothold in cloud environments and lead to a total compromise of an organization's overall security posture. The first part of our talk will discuss different ways to pivot to different cloud environments through CI/CD pipelines and the security misconfigurations that come with them. We will speak about GCP and AWS attack vectors and how they can allow attackers to pivot to additional cloud environments or even compromise an on-premise AD environment. The Google Cloud Platform has often been overlooked in attack and penetration assessments. In one of the sections, we will demonstrate how internal repositories like GitHub can lead to privileged access to GCP by exploiting IAM attack vectors. Additionally, we will discuss how environments like GCP and G Suite are connected by domain-wide delegation and how attackers are capable of moving laterally into G Suite and obtaining super admin access. Next, we are going to talk about the interconnectivity between different environments. A lot of organizations believe that cloud environments are segregated from their internal networks and their Active Directory environment. We will demonstrate that the on-premise and cloud environments are all interconnected and how attackers can pivot between environments to escalate privileges in cloud and AD environments. Lastly, we are going to talk about what organizations should be aware of when setting up hybrid environments with DevOps pipelines to protect against insider threat actors.

Marios Gyftos

Senior Penetration Tester

Chicago, Illinois, United States
