Red Teaming in the Cloud
September 27, 2024 (GMT +8)
15:00
Camia (Village Tracks)
Workshop (Limited Slots)
This short session will cover the tools and techniques used by red teams to breach modern SaaS-based IT environments. Participants will learn how to craft sophisticated phishing campaigns and use Adversary-in-the-Middle (AiTM) techniques to gain persistent access to cloud-hosted data.
What you will Learn:
- Phishing for Session Tokens: Learn to design convincing phishing attacks tailored for SaaS application users.
- Adversary-in-the-Middle Attack Techniques: Understand how to conduct a successful AiTM attack to capture session tokens and bypass MFA.
- SaaS Application Exploitation: Observe how compromised credentials and session tokens can be leveraged to navigate cloud environments and escalate privileges.
- Post-Exploitation Persistence: Learn techniques for maintaining persistent access to SaaS applications.
Who Should Attend:
- Penetration testers and red teamers that work on cloud security engagements or are interested in learning how modern SaaS-based IT environments are compromised.
- Blue-teamers responsible for defending cloud environments against advanced threats.
- Anyone interested in understanding the latest techniques used by attackers to breach cloud security controls.
Trainer
Gareth Batchelor The founder of Cloudtrace, an AWS advanced tier partner specialising in cybersecurity services for SaaS businesses. Gareth has 25 years’ experience in the field of cybersecurity, gained across multiple sectors including financial services, telecommunications, healthcare and fast moving consumer goods. He has spent the past 10 years specialising in cloud security, in both offensive and defensive roles. Prior to founding Cloudtrace, he worked as the regional security architect for Nokia and the perimeter security services lead for the Commonwealth Bank of Australia. Gareth has developed several secure coding courses that simulate real-world application attacks and provide a view of the offensive techniques used to compromise modern cloud-hosted applications. He has delivered those courses to hundreds of developers across the APAC region.
« Back