All times are in Pacific Daylight Time (UTC-0700).

  • Track: Main Channel: Friday 10/09 @ 1700-1755 PDT

Amazon Web Services (AWS) is one of the most popular ways for companies large and small to deploy their software and infrastructure. That popularity makes it a prime target for attackers, but what do attacks in AWS even look like? We’ve all heard of the SSRF to metadata trick, but what else can attackers do? With this talk we’ll dive into the tactics, techniques, and procedures a modern Penetration Testing or Red Team can leverage to exploit cloud infrastructure/applications, and what defenders can do to make this more difficult.

Nick Frichette currently works as the team lead for the Penetration Testing Team at a large financial services company. His primary focus is on web application and AWS with a dash of containerization. In his free time he does vulnerability research, blogs regularly on his website, collects certifications, and spends...

Read More

twitter @frichette_n

© 2023 ShellCon