Common Infrastructure Exploits in AWS - GCP - Azure Servers and Containers

Explore common infrastructure exploits in AWS, GCP, and Azure servers and containers in this 33-minute RSA Conference talk. Gain insights into the practical risks posed by misunderstanding VPC DNS and other cloud-specific vulnerabilities. Learn about exfiltration risks in cloud hosting services due to DNS and VPC endpoints, understand the limitations of legacy security measures in cloud environments, and discover mitigations available for both server and serverless (container) designs. Delve into topics such as DNS tunneling, VPC DNS, container security, and service endpoint exploitation. Through concrete examples and a hypothetical victim scenario, grasp the critical differences between legacy data centers and cloud architectures. Walk away with key takeaways and actionable steps to improve your cloud security posture, along with valuable resources for further learning.

Intro
This talk in one slide
Motivation
Avoiding unexpected outcomes
DNS Tunneling - Rapid Review
Most critical difference vs legacy data centers
Hypothetical victim
overview
Attack #1 - CatSwap.io web server & DNS
VPC DNS
CatSwap.io container design
AWS ECS
DNS Tunnels in Containers
Applying - containers (and hosts)
Applying what you have learned - DNS
Exploiting Service Endpoints
Service endpoints types & exfiltration options
Attack #3 - CatSwap.io image cluster design
Storage Service Endpoint
Applying - Service Endpoints
Key Takeaways
What to do tomorrow
Final thoughts
Resources
References & Further Reading