Rootconf Delhi edition

On network engineering, infrastructure automation and DevOps

Rootconf is a platform to discuss real-world problems around Site Reliability Engineering (SRE), DevOps for data engineering platforms, evaluating and adopting technologies such as Kubernetes and containers, and DevSecOps.

Rootconf Delhi edition will be held on 18 January 2020 at the India International Centre (IIC).

Speakers from Flipkart, Hotstar, MindTickle, Red Hat and Naukri.com will discuss the following topics:

  1. Scaling and engineering challenges from Hotstar’s and Flipkart’s experiences.
  2. Data store choices.
  3. Kubernetes and K8s – when to choose what and why?
  4. DevSecOps

Who should attend Rootconf:

  1. Operations engineers
  2. DevOps programmers
  3. Software developers
  4. SRE
  5. Tech leads

To know more about Rootconf, check the following resources:

  1. hasgeek.com/rootconf
  2. https://www.youtube.com/channel/UCDHao9FxNRHw1VyLuGXI_rA

Sponsors:

Email sales@hasgeek.com for bulk ticket purchases and for sponsoring the above Rootconf Series.


Rootconf Delhi sponsors:


Silver Sponsor

Verizon

Bronze Sponsors

upcloud, SumoLogic

Community Partner

IFF Null Delhi

For information about the event, tickets (bulk discounts automatically apply on 5+ and 10+ tickets) and speaking, call Rootconf on 7676332020 or write to info@hasgeek.com.

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective).

Vaibhav Gupta

@vaibhavg

Attack & Defense in AWS Environments

Submitted Nov 30, 2019

Abstract:
AWS is the most widely used cloud environment today, and almost every security professional has to encounter it, whether attacking an organization or defending it. In this fast-paced workshop, we will teach participants some neat tools, techniques, and procedures to attack the most widely used AWS services as well as to defend them. Below is the broad agenda for the workshop:

  • Recon + Attacking S3 buckets
  • Exploiting web application flaws to compromise AWS services
  • Attacking Serverless applications
  • Defending networks in AWS
  • Automating defenses/security monitoring in AWS environments

Takeaways:
Students will be able to understand and appreciate the additional attack surface that comes with moving to the cloud, and subsequently design architectures and develop applications that defend against it.

What will participants be provided?
- PDF copy of slide deck
- Workshop lab manual
- Bonus labs access for 15 days

Target Audience:
- Cloud Security Engineers
- DevOps engineers
- Security Analysts
- Penetration Testers
- Anyone else who is interested in Cloud Security

Outline

Detailed Outline:
Quick primer of AWS (15 min)

Explaining the virtual target enterprise scenario (5 min)

Recon + Attacking S3 buckets (25 Mins)
- Buckets enumeration
- Exploiting anonymous public Permissions
- Exploiting AWS public permissions [DEMO]
- Sub-domain takeovers [LAB]
- Protecting account wide buckets [DEMO]

Exploiting web application flaws to compromise AWS services (40 Mins)
- Enumerating and exploiting SSRF vulnerability
- Leveraging SSRF to exploit AWS metadata service [LAB]
- Gaining access tokens from Metadata service to access other AWS resources [LAB/DEMO]

Attacking Serverless applications (40 Mins)
- Understanding Serverless (Lambda) functions
- Misconfigurations in Lambda
- Example application layer attack on Lambda [LAB]

Defending networks in AWS (15 Mins)
- Attacking and defending internal VPCs [LAB/DEMO]

Automating defenses/security monitoring in AWS environments (30 Mins)
- Concepts of Logging in AWS
- Setting up automated logging in AWS
- Deletion of Lambda activity logs [LAB/DEMO]

Conclusion and Wrap up (10 Mins)

Requirements

Prerequisites for students:
- An AWS account (Free-tier)
- Basic understanding of AWS

Speaker bio

Vaibhav Gupta
Vaibhav is working as a Security Researcher with Adobe. His expertise lies in infusing design and architecture level security in applications hosted in-house and on cloud environments. With ~10 years of diverse InfoSec exposure, he has strong experience in attacking and defending applications and cloud environments.
He has shared his knowledge at multiple international platforms like Blackhat USA, OWASP AppSec Europe, Nullcon, BSides Las Vegas, Defcon USA, etc. He is a strong supporter of open communities and is leading OWASP, BSides, and Null in the Delhi region.
LinkedIn: https://www.linkedin.com/in/vaibhav0
Twitter: https://twitter.com/VaibhavGupta_1

Sandeep Singh:
Sandeep is a Security Managing Consultant with NotSoSecure, a specialist IT Security company. He has over 5 years of experience in delivering high-end security consulting services to clients across the globe. He is the co-lead of the OWASP Delhi chapter and Community Manager of the null community, and actively contributes to the local security community. He has conducted and delivered many talks and workshops for the local community in the past.
