One Click, Six Services: Abusing the Dangerous Multi-service Orchestration Pattern
fwd:cloudsec via YouTube
AI, Data Science & Cloud Certificates from Google, IBM & Meta
AI Engineer - Learn how to integrate AI into software applications
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Watch a 20-minute conference talk from fwd:cloudsec where Senior Security Researcher Liv Matan explores the hidden security implications of cloud service orchestration. Discover how a single click in cloud platforms like GCP can trigger multiple interconnected services, creating potential security vulnerabilities. Learn about a novel privilege escalation vulnerability uncovered in GCP's cloud functions deployment flow that allowed code execution as the default Cloud Build service account. Understand the broader security implications of cross-service dependencies in cloud architectures, and gain insights into tools and techniques for uncovering hidden APIs and potential attack vectors. Explore real-world examples demonstrating how treating cloud services as black boxes can lead to security risks, and learn practical approaches to understanding and securing multi-service deployments in cloud environments.
Syllabus
One Click, Six Services: Abusing The Dangerous Multi-service Orchestration Pattern - Liv Matan
Taught by
fwd:cloudsec