An attacker's perspective: Securing and Risks of Cloud Environments and SaaS Data.
Workshop*FrançaisNetwork and security
2024-11-05 | 10:00 AM - 10:30 AM | Room 516 DE
Information
This presentation offers an in-depth analysis of best practices and tools for securing data, whether in the cloud, on-premises, or through SaaS applications. It also focuses on the risks of Azure misconfigurations, illustrating how they can be exploited by attackers to perform lateral movement, command execution, or privilege escalation.
Attendees will learn about access control policies, including the distinctions between AzureRM and EntraID, as well as role-based access control (RBAC) models. The overview also covers key permissions, such as those for Azure KeyVault and the MSGraph API.
In addition, cyberattack techniques such as illicit consent, advanced phishing in Azure, and abuse of serverless resources will be discussed, as well as methods to circumvent MFA and persistence strategies. Finally, participants will learn how to identify the latest tactics used by attacker groups (APTs) and how to put in place effective defense strategies to ensure regulatory compliance and reduce the risk of exposure.
In addition, cyberattack techniques such as illicit consent, advanced phishing in Azure, and abuse of serverless resources will be discussed, as well as methods to circumvent MFA and persistence strategies. Finally, participants will learn how to identify the latest tactics used by attacker groups (APTs) and how to put in place effective defense strategies to ensure regulatory compliance and reduce the risk of exposure.
