BSidesSF 2022 has ended
Back To Schedule
Sunday, June 5 • 3:30pm - 4:20pm
Attacking and Defending Infrastructure with Terraform: How we got admin across cloud environments

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
In this talk we'll demonstrate how to attack Terraform Enterprise and Terraform Cloud to exfiltrate secrets and deploy malicious applications and infrastructure into production cloud environments undetected. Then we'll show you how we worked with HashiCorp to best mitigate it.

avatar for Mike Ruth

Mike Ruth

Staff Security Engineer, Brex
Mike is a Staff Security Engineer at Brex, where he helps in securing one of the world’s best Financial Technology platforms. Previously the technical lead for Infrastructure Security at Cruise, Mike has over a decade of experience securing, designing, and deploying cloud infrastructure... Read More →
avatar for Francisco Oca

Francisco Oca

Offensive Security Engineer, Robinhood
Francisco Oca is an Offensive Security Engineer at Robinhood. He has been in infosec for more than a decade, working on security tools development, pentesting, malware analysis, vulnerability research and red teaming. He co-authored Ponce, winner of the 2016 HexRays IDA Pro Plug-In... Read More →

Sunday June 5, 2022 3:30pm - 4:20pm PDT
Theater 14