[Dailydave] Andrew Johnson / Sacha Faust - Cloud Post Exploitation Techniques @ Infiltrate 2017
Dave Aitel
2017-05-30 16:33:16 UTC

So imagine if instead of trying to use SMB everywhere inside corporate
networks it had used Active Directory techniques, or maybe a bit of both?

And in addition, people have poorly understood the risks of the way the
Active Directory model was ported to the cloud. Amazon and Azure and Google
all kinda work the same, and all present similar risks, and MANY of these
risks are fogged up by the difficulties of working through what is actually
happening behind the scenes through crazy complex APIs and GUIs.

Right now, we are in that same phase most people are also in with Active
Directory, where when you're doing cloud-permissions for your team of
developers you end up having to make each one of them "owners" because
otherwise nothing works. But the services we're creating and offering are
massively complex and have extremely strange security layers since they are
a mix of IaaS and SaaS and API-As-A-Service.

Anyways, let's start with Lateral Movement and Persistence. Go WATCH THE

And come to INFILTRATE next year. We are working hard on improving it, by,
among other things, getting latte's available. Miami, surprisingly, is
usually amazing at coffee. I hate those big tubs of coffee you usually get
at a conference, as do most of you, and I want to make sure we have REAL
coffee next year. :)

