Demystifying Cloud Infrastructure Attacks

Abstract

Threat actor tactics in a classic on-premises environment are well documented and understood. For example, extracting credentials from memory and then using pass-the-hash is a common technique for moving laterally in Windows. But how do threat actors move laterally between cloud workloads and compute instances? What are the common persistence techniques, and what are the high-value targets we need to protect?

Alexander is a Principal Forensic Consultant at Truesec and will, in this session, share what he has learned from over 10 000 billable hours of enterprise forensics. You will learn how cloud tactics differ from on-premises tactics and see the latest techniques used in real attacks against cloud infrastructure.

Alexander

Alexander is a Principal Forensic Consultant at Truesec where he focuses on incident response, threat intelligence, and security research. Alexander spends most of his time providing incident response to companies that have suffered from a cyber attack. He has responded to several hundred complex incidents, including nation state-backed attacks and ransomware against global organizations. Alexander also performs offensive and forensic research, and is responsible for developing Truesec’s forensic tooling.