Episode 19: Understanding Cloud Attack Vectors

Episode 19 August 02, 2020 00:40:22
Episode 19: Understanding Cloud Attack Vectors
SilverLining IL
Episode 19: Understanding Cloud Attack Vectors

Aug 02 2020 | 00:40:22

/

Hosted By

Moshe Ferber Ariel Munafo

Show Notes

Attendees

Guest: Or Kamara

Guest Title:  Senior team lead 

Company:  Synk

Abstract

Cloud computing can bring interesting and new attack vectors. In this episode, we talk with Or Kamara, Senior team lead at Synk, about the Capital-one hacking and what can be learned from the event in order to better protect our networks. We will analyze the attack step by step and add mitigating controls that can help in preventing the next attack.

Timing:

0:35 Introducing our guest

4:10 introducing the story the capital one hack 

5:45 The phases of the Capital One hack

7:50 The first misconfiguration - servers exposed to the internet unintentionally

11:05 the SSRF vulnerability and understanding meta-data service

19:38 Using API keys for browsing S3 and how to mitigate it

26:00 things that Capital One did right and additional insights

28:00 how should developers and IT 

30:50 shifting from traditional security to new cloud security mindset

36:00 summary and final words

Other Episodes

Episode 59

May 30, 2023 00:32:40
Episode Cover

SilverLining Episode 59: Understanding the six pillars of DevSecops

Guest: Sam Sehgal, Co-Chair for the CSA DevSecOps working group and program Lead - DevSecOps Strategy and Architecture, Dell Language: English   Abstract DevSecOps, the...

Listen

Episode 1

November 04, 2018 00:37:41
Episode Cover

Episode 1: Security Challenges With The Growing World Of Serverless Functions

Attendees Guest: Ory Segal, Puresec Guest title:  CTO & Co-Founder at PureSec Company:  Puresec is the global leader in serverless architectures security.   Serverless functions...

Listen

Episode 53

August 25, 2022 00:30:56
Episode Cover

SilverLining Episode 53: Automating Infrastructure Pipelines

Guest: Rob Hirschfeld  Guest Title: CEO & Co-Founder at RackN Topic: Automating Infrastructure Pipelines Language: English   Abstract In modern applications, Infrastructure automation is an...

Listen