AI, Data Science & Cloud Certificates from Google, IBM & Meta — 40% Off
One plan covers every Professional Certificate on Coursera. 40% off Coursera Plus Annual.
Unlock All Certificates
Dive into a comprehensive exploration of storage service vulnerabilities in cloud environments during this 40-minute conference talk from the Hack In The Box Security Conference. Learn about the critical role of storage services in cloud infrastructure and discover various attack vectors, including exploiting writable public storages and authenticated user access. Examine real-world case studies, such as the Rocket.chat installer vulnerability and the fwupd CVE-2020-10759. Gain insights into attack methodologies, including enumeration techniques for AWS S3 buckets, identification and exploitation of Azure SAS URLs, and post-exploitation strategies like credential harvesting. Explore specific scenarios, including SSRF to EC2 takeover, PaaS attacks on Elastic Beanstalk, and AWS Cognito analysis. Receive practical advice on implementing periodic scans using Scout Suite and preparing for potential disasters. Conclude with vendor warnings and additional reference materials to further enhance your understanding of cloud storage security.
