GETTING STARTED WITH HACKING AWS CLOUD скачать в хорошем качестве

GETTING STARTED WITH HACKING AWS CLOUD

If Hacking the Cloud is on your mind for 2023 then in this "Breaking the AWS Cloud" month we are kicking things with Nick Frichette, a Senior Security Researcher who is also maintains the site Hacking the Cloud linking offensive security research for AWS, Azure, GCP. -------------------------------------------------------------------------------- Questions/Chapters: 00:00 Introduction 02:38 https://snyk.io/csp 03:26 A bit about Nick 04:15 How is Security research different? 05:55 How to approach cloud security research? 07:24 How to pick the service you want to research? 08:51 What is AWS AppSync? 09:30 What is Confused Deputy Vulnerability? 10:16 The AppSync Vulnerability 12:09 Cross Account in AWS 13:41 Blue Teaming Controls when doing research 14:22 Framework for detective controls 16:01 What to do if you find an AWS vulnerability? 17:20 Legal constraints of security research 20:13 Where to get started in Cloud Security Research? 22:45 Are some misconfigurations becoming less common? 24:59 What is IMDSv2 and how is it different to IMDSv1? 27:00 Why is SSRF bad? 28:52 Cloud Pentesting Platforms 29:57 The story being hacking the cloud 31:25 Who should think about breaking the cloud? 34:02 Cloud Security Research Tools 36:38 How to access AWS environment for research? 39:12 Security Lab Resources 40:04 The Fun Questions -------------------------------------------------------------------------------- 📱Cloud Security Podcast Social Media📱 _____________________________________ Twitter:   / cloudsecpod   Facebook:   / cloudsecuritypodcast   LinkedIn:   / cloud-security-podcast   Website: https://cloudsecuritypodcast.tv/ -------------------------------------------------------------------------------- This episode is brought to you by Snyk - snyk.io/csp #awssecurity #cloudsecurity #cloudpentesting