08:00 - 09:10

Attendee Registration

09:10 - 09:30

Welcome Speech

09:30 - 09:55

Event Introduction

09:55 - 10:40
10:40 - 10:55

Break

10:55 - 11:40
11:40 - 12:40

Lunch

12:40 - 13:25
13:25 - 13:40

Break

13:40 - 14:25
14:25 - 14:55

Tea Time

14:55 - 15:40
15:40 - 15:55

Break

15:55 - 16:40
16:40 - 16:55

Break

16:55 - 17:40
17:40 - 17:50

Closing

Airborne Crisis: A Few Things About Cloud Attack and Defense (空降危機:雲端攻防二三事)

Before the cloud era, enterprises had to go through a time-consuming process to set up services, which reduced development efficiency and significantly increased maintenance costs. In the cloud era, those tedious steps have been simplified so that they can be completed directly on the web, which speeds up service deployment and has led major enterprises to move to the cloud one after another. More recently, under the influence of the global pandemic, remote work has gradually become standard in the industry, driving explosive growth in cloud demand. The popularity of the cloud has made life more convenient, but the security risks hidden behind it are gradually coming to the surface.

  1. Overly complex application settings: To cover diverse usage scenarios, cloud platforms often provide very detailed application settings. Users who do not fully understand them are likely to misconfigure them, and the misconfiguration becomes a gap in cloud security.
  2. Identity and Access Management (IAM) that is difficult to manage: IAM can limit unauthorized access to resources, but as an organization grows, managing IAM becomes more complex and can even produce shadow admins that go undetected.
  3. Over-privilege by default: Some cloud platforms grant excessive privileges by default for a smooth user experience (e.g. GCP's default service account). If an over-privileged account is exploited by a malicious party, it is likely to lead to more serious attacks.
  4. Blurring of the enterprise defense boundary: As more enterprises mix on-premises deployments with cloud applications, many cloud platforms have begun to offer hybrid identity, which synchronizes authentication information between the cloud and on-premises environments so that users can reach all resources inside and outside the enterprise through a single login. This blurs the enterprise defense boundary and may even leave a back door for attackers to get into the on-premises environment.
  5. Best practices that are too abstract and subjective: To meet enterprise security requirements, cloud platforms publish best practices for enterprises and users to refer to, but these are often too abstract and subjective, and it is difficult for users to measure whether they actually meet the requirements and principles.

This session explores cloud security issues from the perspective of the red team and provides a complete analysis of the security configurations and attack methods of the three major providers: AWS, Azure, and GCP. First, the session will compare the similarities and differences of the IAM mechanisms on the three platforms, then explore the blind spots of those mechanisms and the combinations that easily produce shadow admins. Next, the speaker will walk the audience through the most serious cloud attacks and APT cases of recent years and through the complete post-exploitation attack chain and the thinking behind it, including privilege escalation, lateral movement, and data exfiltration techniques, and share how to use the MITRE ATT&CK framework to counter these attacks.

Audience members with a red team background can learn how post-exploitation differs between cloud and on-premises environments and how to use the cloud's native functions to achieve goals such as privilege escalation, while audience members with a blue team background can learn how to evaluate and configure their environment so that it does not become a breeding ground for attackers. At the end of the session, the speakers will also share open source assessment tools and tie them back to the best practices proposed by the cloud platforms, to help enterprises assess their cloud security posture through a scientific approach.