Cloud Pentesting workshop

A presentation at SACON 2019 in in Bengaluru, Karnataka, India by Anant Shrivastava

  1. Introduction to Cloud Computing (10 minutes)
  2. Product Offerings by Major Vendor’s (15 minutes) AWS Azure GCP Openstack
  3. How does Cloud Pentesting differs from Conventional Pentesting (10 minutes)
  4. Explore Attack Surfaces on different Cloud environments IaaS, PaaS, SaaS, Serverless (10 minutes)
  5. Exploiting Metadata API’s
  6. Abusing cloud storage
  7. forensic anaylsis of cloud snapshots
  8. Attacking Azure AD
  9. Attacking Serverless
  10. Understanding and attacking IAM Services
  11. Various Case Studies