The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Nội dung được cung cấp bởi Cloud Security Podcast Team. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Cloud Security Podcast Team hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
Tương tự như Cloud Security Podcast
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
We help founders make something people want.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Big tech is transforming every aspect of our world. But how? And at what cost? This season of Land of the Giants – The Twitter Fantasy – will tell the story of Twitter (X) at a crucial moment for the platform, exactly one year after Elon Musk took over. Hosted by Vox senior correspondent Peter Kafka, the four-episode season will survey the company's outsize influence on politics and culture. How did Twitter become the Internet’s town square, for better and for worse? And where is it heading, ...
…
continue reading
Discover a whole new take on Artificial Intelligence with Squirro's educational podcast! Join host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and their incredible impact on society, and y ...
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
Player FM - Ứng dụng Podcast
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
))
GETTING STARTED WITH HACKING AWS CLOUD
Manage episode 351946449 series 2853525
Nội dung được cung cấp bởi Cloud Security Podcast Team. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Cloud Security Podcast Team hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
Cloud Security Podcast - If Hacking the Cloud is on your mind for 2023 then in this "Breaking the AWS Cloud" month we are kicking things with Nick Frichette (Nick's Linkedin), a Senior Security Researcher from DataDog who is also maintains the site Hacking the Cloud linking offensive security research for AWS, Azure, GCP.
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Nick Frichette (Nick's Linkedin)
Podcast Twitter - @CloudSecPod @CloudSecureNews
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
Spotify TimeStamp for Interview Questions
(00:00) Introduction
(02:38) snyk.io/csp
(03:26) A bit about Nick
(04:15) How is Security research different?
(05:55) How to approach cloud security research?
(07:24) How to pick the service you want to research?
(08:51) What is AWS AppSync?
(09:30) What is Confused Deputy Vulnerability?
(10:16) The AppSync Vulnerability
(12:09) Cross Account in AWS
(13:41) Blue Teaming Controls when doing research
(14:22) Framework for detective controls
(16:01) What to do if you find an AWS vulnerability?
(17:20) Legal constraints of security research
(20:13) Where to get started in Cloud Security Research?
(22:45) Are some misconfigurations becoming less common?
(24:59) What is IMDSv2 and how is it different to IMDSv1?
(27:00) Why is SSRF bad?
(28:52) Cloud Pentesting Platforms
(29:57) The story being hacking the cloud
(31:25) Who should think about breaking the cloud?
(34:02) Cloud Security Research Tools
(36:38) How to access AWS environment for research?
(39:12) Security Lab Resources
(40:04) The Fun Questions
See you at the next episode!
259 tập
Chia sẻ
Manage episode 351946449 series 2853525
Nội dung được cung cấp bởi Cloud Security Podcast Team. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Cloud Security Podcast Team hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
Cloud Security Podcast - If Hacking the Cloud is on your mind for 2023 then in this "Breaking the AWS Cloud" month we are kicking things with Nick Frichette (Nick's Linkedin), a Senior Security Researcher from DataDog who is also maintains the site Hacking the Cloud linking offensive security research for AWS, Azure, GCP.
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Nick Frichette (Nick's Linkedin)
Podcast Twitter - @CloudSecPod @CloudSecureNews
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
Spotify TimeStamp for Interview Questions
(00:00) Introduction
(02:38) snyk.io/csp
(03:26) A bit about Nick
(04:15) How is Security research different?
(05:55) How to approach cloud security research?
(07:24) How to pick the service you want to research?
(08:51) What is AWS AppSync?
(09:30) What is Confused Deputy Vulnerability?
(10:16) The AppSync Vulnerability
(12:09) Cross Account in AWS
(13:41) Blue Teaming Controls when doing research
(14:22) Framework for detective controls
(16:01) What to do if you find an AWS vulnerability?
(17:20) Legal constraints of security research
(20:13) Where to get started in Cloud Security Research?
(22:45) Are some misconfigurations becoming less common?
(24:59) What is IMDSv2 and how is it different to IMDSv1?
(27:00) Why is SSRF bad?
(28:52) Cloud Pentesting Platforms
(29:57) The story being hacking the cloud
(31:25) Who should think about breaking the cloud?
(34:02) Cloud Security Research Tools
(36:38) How to access AWS environment for research?
(39:12) Security Lab Resources
(40:04) The Fun Questions
See you at the next episode!
259 tập
Tất cả các tập
×
Chào mừng bạn đến với Player FM!
Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.
Tương tự như Cloud Security Podcast
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
We help founders make something people want.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Big tech is transforming every aspect of our world. But how? And at what cost? This season of Land of the Giants – The Twitter Fantasy – will tell the story of Twitter (X) at a crucial moment for the platform, exactly one year after Elon Musk took over. Hosted by Vox senior correspondent Peter Kafka, the four-episode season will survey the company's outsize influence on politics and culture. How did Twitter become the Internet’s town square, for better and for worse? And where is it heading, ...
…
continue reading
Discover a whole new take on Artificial Intelligence with Squirro's educational podcast! Join host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and their incredible impact on society, and y ...
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
Player FM - Ứng dụng Podcast
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
