Cloud Security Podcast

GETTING STARTED WITH HACKING AWS CLOUD

Listen Later

Cloud Security Podcast - If Hacking the Cloud is on your mind for 2023 then in this "Breaking the AWS Cloud" month we are kicking things with Nick Frichette (Nick's Linkedin), a Senior Security Researcher from DataDog who is also maintains the site Hacking the Cloud linking offensive security research for AWS, Azure, GCP.

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter:  Nick Frichette (Nick's Linkedin)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

Spotify TimeStamp for Interview Questions

(00:00) Introduction

(02:38) snyk.io/csp
(03:26) A bit about Nick  
(04:15) How is Security research different?
(05:55) How to approach cloud security research?
(07:24) How to pick the service you want to research?
(08:51) What is AWS AppSync?
(09:30) What is Confused Deputy Vulnerability?
(10:16) The AppSync Vulnerability
(12:09) Cross Account in AWS
(13:41) Blue Teaming Controls when doing research
(14:22) Framework for detective controls
(16:01) What to do if you find an AWS vulnerability?
(17:20) Legal constraints of security research
(20:13) Where to get started in Cloud Security Research?
(22:45) Are some misconfigurations becoming less common?
(24:59) What is IMDSv2 and how is it different to IMDSv1?
(27:00) Why is SSRF bad?
(28:52) Cloud Pentesting Platforms
(29:57) The story being hacking the cloud
(31:25) Who should think about breaking the cloud?
(34:02) Cloud Security Research Tools
(36:38) How to access AWS environment for research?
(39:12) Security Lab Resources  
(40:04) The Fun Questions

See you at the next episode!

...more
View all episodesView all episodes
Download on the App Store
Cloud Security PodcastBy Cloud Security Podcast Team
  • 5
  • 5
  • 5
  • 5
  • 5

5

56 ratings

More shows like Cloud Security Podcast

View all
Risky Business by Patrick Gray

Risky Business

365 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

626 Listeners

The Cloudcast by Massive Studios

The Cloudcast

152 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

366 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,009 Listeners

AWS Podcast by Amazon Web Services

AWS Podcast

202 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,879 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

166 Listeners

Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

Kubernetes Podcast from Google

181 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

Practical AI by Practical AI LLC

Practical AI

192 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

74 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

127 Listeners

Cloud Security Podcast by Google by Anton Chuvakin

Cloud Security Podcast by Google

38 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

43 Listeners