Dylan, Frenchie & the Chamber of Secrets (Red Teaming in Zero Trust: No Malware Needed)
who: Frenchie & Dylan
when: Fri, 12 Nov 2021 11:00:00 +1300
where: The Michael Fowler Centre
In a zero trust network it’s becoming harder to attack endpoints and move through traditional networks, so let’s look at the new frontier: cloud and SaaS. We’ll walk through some examples of attacking a company where the initial foothold is via leaked secrets in Slack or Pastebin. From that first SaaS service, we’ll demonstrate jumping to other SaaS services recursively, until eventually the whole farm is compromised. At the heart of all this are API keys and credentials scattered throughout your collaboration tools and engineering tools. We’ll also cover practical ways to remediate the issues we discover, such as setting up secrets management tools at scale, and pragmatic factors that play a vital role, such as least privilege with regard to who has access to which secrets, what those secrets have access to, and how long those secrets live. Finally, we’ll discuss some quick, easy defensive wins such as data retention policies and canaries.
Not a Harry Potter Fanfic, but pretty damn close.