Securing the cloud: Policy as Code and post-exploitation techniques


Karim El-Melhaoui
11:30 am - 12:30 pm
Room 2

Most organizations already started moving or are planning to move to the cloud the next year. Are your organization ready to tackle the security challenges faced in the cloud? Going from a private datacentre to a public cloud for your internal systems means your just a click away from publicly exposing sensitive information. Does your threat model cover the cloud? This session will demonstrate how to secure your cloud environment using “Policy as Code”, in addition it will cover demonstrations of different attack vectors that allows for reconnaissance, privilege escalation and gaining foothold in your cloud environment for both Azure and AWS.