Name: Attacking and Defending Infrastructure with Terraform: How we got admin across cloud environments
Start: 2022-06-05T15:30:00-0700
End: 2022-06-05T16:20:00-0700

Back To Schedule

Attacking and Defending Infrastructure with Terraform: How we got admin across cloud environments

Feedback form is now closed.

In this talk we'll demonstrate how to attack Terraform Enterprise and Terraform Cloud to exfiltrate secrets and deploy malicious applications and infrastructure into production cloud environments undetected. Then we'll show you how we worked with HashiCorp to best mitigate it.

Speakers

Mike Ruth

Staff Security Engineer, Brex

Mike is a Staff Security Engineer at Brex, where he helps in securing one of the world’s best Financial Technology platforms. Previously the technical lead for Infrastructure Security at Cruise, Mike has over a decade of experience securing, designing, and deploying cloud infrastructure... Read More →

Francisco Oca

Offensive Security Engineer, Robinhood

Francisco Oca is an Offensive Security Engineer at Robinhood. He has been in infosec for more than a decade, working on security tools development, pentesting, malware analysis, vulnerability research and red teaming. He co-authored Ponce, winner of the 2016 HexRays IDA Pro Plug-In... Read More →

Attacking and Defending Infrastructure with Terraform How we got admin across cloud environments pdf

Sunday June 5, 2022 3:30pm - 4:20pm PDT
Theater 14

Talk

BSidesSF 2022

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Mike Ruth

Francisco Oca