Featured
Cloud Security Assessments: Steps to Successful Implementation
Carlos Vendramini, Security Research Engineer, Normalyze
In today's fast-changing cloud environment, moving beyond traditional closed-box penetration testing methods is essential. Join us for an engaging webinar led by Carlos Vendramini, an expert from Normalyze, as he takes you through the steps to set your organization up for success in your next Cloud Security Assessment. Whether you're outsourcing a Cloud Penetration Test or developing an internal process for Cloud Security Audits, Carlos will provide guidance based on your organization's level of cloud security maturity.
Key takeaways:
- Emphasize the need to move beyond traditional penetration testing techniques.
- Guidance on how to prepare for a successful Cloud Security Assessment.
- Consider different options based on the organization's cloud security maturity level.
- Importance of scoping the assessment, setting clear objectives, and ensuring proper access provisioning.
- Best practices for protecting your cloud environment.
All episodes
-
Top 3 Cloud Data Security Adversarial Tactics and How to Fight Them
Abhinav Singh, Lead Security Researcher, Normalyze
Through interoperable cloud services, attackers defeat native security tools and move laterally through the cloud infrastructure.
In this webinar, Abhinav highlights the real cloud data risk chains that lead to account takeover and exposure of sensitive data and shows what can be done to prevent these attacks.
Examples of adversarial tactics include but are not limited to:
* Abusing the account organization’s setup to onboard an external account and making it a trusted entity to avoid detection and perform data exfiltration.
* Attacker abuses the cross-account trust relation to move laterally between different accounts, leading to a fan-out effect while remaining completely hidden from defense tools like GuardDuty.
* An identity-based attack that chains multiple IAM permissions to build an ROP-like privilege escalation scenario and compromise the entire cloud infrastructure.
-
Lab: Subdomain Takeover, Part 1 | Identify attack paths
Carlos Vendramini, Security Research Engineer, Normalyze
In the first part of this two-part series, Carlos will go over the current landscape for subdomain takeover by analyzing some bug bounty report statistics and then go over the theory behind how attackers can leverage this flaw to hijack subdomains. Finally, Carlos will discuss several simple actions that can be taken to protect your cloud environment against this vulnerability and give a sneak peek into the hands-on exercises from the upcoming Part 2.
Subdomain takeover continues to be a major security threat for organizations using the cloud to deliver public services. After setting up their cloud environments, organizations often overlook removing the domain name system (DNS) aliases (A record) and canonical names (CNAME record) that are no longer being used. This leads to a dangling domain record that is no longer associated with an active website or an online resource.
-
Lab: Subdomain Takeover, Part 2 | Discover & remediate
Carlos Vendramini, Security Research Engineer, Normalyze
In the second part of this two-part webinar, Carlos will do a hands-on demonstration of a subdomain takeover attack using open-source tools. This demo will contain two attack vectors: AWS S3 and AWS Elastic Beanstalk. In the end, Carlos will also demonstrate how data security tools can help you protect your cloud environment against Subdomain Takeover attacks.
Subdomain takeover continues to be a major security threat for organizations using the cloud to deliver public services. After setting up their cloud environments, organizations often overlook removing the domain name system (DNS) aliases (A record) and canonical names (CNAME record) that are no longer being used. This leads to a dangling domain record that is no longer associated with an active website or an online resource.