Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore source IP spoofing techniques across major cloud platforms in this technical conference talk that demonstrates how attackers can manipulate log entries using legitimate cloud features. Learn how combining VPC endpoints with customizable internal IP ranges allows credential-wielding attackers to make API calls that appear in victim logs with arbitrary source IPs, requiring no packet manipulation—just using cloud services as designed. Discover the fundamental principles behind this technique, including within-VPC cloud API access and flexible internal IP control, while examining how cross-tenant identity usage differs across AWS, Azure, and GCP architectures. Understand the real-world abuse potential of these methods: feasible but detectable in AWS, largely ineffective in Azure, and problematic in GCP. Master detection strategies by learning which log fields to monitor and how to distinguish malicious activity from legitimate operations. Gain insights from detailed technical demonstrations showing how the same theoretical concept performs differently across three distinct cloud architectures, including discoveries of cross-tenant issuer validation bugs and comprehensive analysis of each platform's handling of internal control-plane API calls using external tenant identities.
