Fighting the Previous War - Attacking and Defending in the Cloud Era.

Marco Slaviero will present "Fighting the Previous War - Attacking and Defending in the Era of the Cloud".

Speaker:

Marco is the lead researcher at Thinkst and has presented research at conferences all over the world on topics ranging from timing attacks to python shellcode as per BlackHat USA 2017.

Abstract:

For years and years, network pen-tests have owned companies and networks with playbooks written in the 90's. with a good mix of foot-printing, scripting and unexpected interdependence, even moderately skilled attackers have been able to reign supreme without even needing a 0 day.

How does this change as organizations slip more and more into the cloud?

What do rootkits look like & what does lateral movement mean when it is between different SaaS products?

While we have seen point attacks on cloud vendors there hasn't been enough attention paid to the interdependence of these systems and we have seen precious little on pivoting through or defending these setups.

This talk attempts to update those play-books from the 90's for both red and blue teams.

Parking:

There are two parking levels, each with a separate entrance. There are VOSS marked bays each with an A4 size sign in both parking levels. Which level to park in basically comes down to which one has more free bays, which is hard to predict.

One entrance (to the upper parking) is up the ramp past the fountain. Turn right once you go through the boom. Just keep turning right.

The other entrance (to the lower parking) is down the ramp (opposite Discovery entrance). Go through the boom, drive straight for a little bit and then turn right (there is no other option). Drive all the way to the end. Then just keep turning right.

At the boom you should buzz security and tell them that you're coming to see VOSS.

Refreshments:

VOSS Solutions (http://www.voss-solutions.com)