When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM 0-Day Vulnerability

When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM 0-Day Vulnerability

928 Lượt nghe
When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM 0-Day Vulnerability
...This presentation maps out various attacks against AWS environments following the MITRE ATTACK Matrix framework, wrapping up with the multiple prevention mechanisms an organization can put in place to protect themselves. The complexity of these attacks details how seemingly innocuous AWS API calls lead to much more daunting activity that is not always traceable. One size does not fit all in cloud security, but these attacks highlight key areas to focus on to make sure you're ready to defend against those attacks when they come. By: Margaret Zimmermann Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#when-a-zero-day-and-access-keys-collide-in-the-cloud-responding-to-the-sugarcrm--day-vulnerability-32997