Cloud Security Podcast

GETTING STARTED WITH HACKING AWS CLOUD



Cloud Security Podcast - If hacking the cloud is on your mind for 2023, then in this "Breaking the AWS Cloud" month we are kicking things off with Nick Frichette (Nick's LinkedIn), a Senior Security Researcher from Datadog who also maintains the site Hacking the Cloud, which links offensive security research for AWS, Azure, and GCP.

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Nick Frichette (Nick's LinkedIn)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

Spotify TimeStamp for Interview Questions

(00:00) Introduction

(02:38) snyk.io/csp
(03:26) A bit about Nick  
(04:15) How is Security research different?
(05:55) How to approach cloud security research?
(07:24) How to pick the service you want to research?
(08:51) What is AWS AppSync?
(09:30) What is Confused Deputy Vulnerability?
(10:16) The AppSync Vulnerability
(12:09) Cross Account in AWS
(13:41) Blue Teaming Controls when doing research
(14:22) Framework for detective controls
(16:01) What to do if you find an AWS vulnerability?
(17:20) Legal constraints of security research
(20:13) Where to get started in Cloud Security Research?
(22:45) Are some misconfigurations becoming less common?
(24:59) What is IMDSv2 and how is it different to IMDSv1?
(27:00) Why is SSRF bad?
(28:52) Cloud Pentesting Platforms
(29:57) The story behind Hacking the Cloud
(31:25) Who should think about breaking the cloud?
(34:02) Cloud Security Research Tools
(36:38) How to access AWS environment for research?
(39:12) Security Lab Resources  
(40:04) The Fun Questions

See you at the next episode!


By Cloud Security Podcast Team
