NorthSec 2020 (Online Edition)

Offensive Cloud Security Workshop
2020-05-15, 14:00–17:00, Workshop Track 2

The workshop is tailored towards individuals who have some experience with “the Cloud”, seeking to improve their proficiency at assessing the security of cloud hosted applications and infrastructures.


While security awareness and collective experience regarding the Cloud has been steadily improving, one common difficulty is applying theoretical knowledge to real-life scenarios. The workshop’s goal is to help attendees bridge this gap by understanding how conventional technologies integrate with Cloud solutions. Attendees will experience first-hand how security vectors that exist in such ecosystems present opportunities for compromise.

The workshop will include:

  • Introduction to the Cloud
    • Overview of AWS, Azure & GCP
    • Differences, similarities and important characteristics
  • Overview of security in the [multi-]Cloud
    • Identity and Access Management (IAM), Metadata Services and Credentials
    • Networking and firewalls
  • Scenarios
    • GCP – Leveraging CI/CD systems to gain a foothold into Cloud environments
      • Attendees will gain a foothold into a CI/CD environment, and leverage this initial compromise to access a number of cloud environments.
    • AWS – Lateral movement and privilege escalation
      • This scenario will have attendees move laterally to gain access to additional sensitive resources not accessible through the initial compromise.
    • Azure – Compromising Azure Applications
      • This scenario will introduce attendees to Azure's implementation of programmatic identities, and highlight how design choices present an opportunity for abuse.

The scenarios are based on NCC Group's research, incident response experience and on the knowledge acquired through countless cloud assessments carried out every year.


Workshops only: What materials (if any) should participants bring to the workshop? – Attendees will be provided access to instances with all the required tooling. All they need is a SSH client to access the instances. Workshops only: What level of knowlegde or prerequisites should participants have? – Attendees should have some experience with a major Cloud provider (AWS, Azure, GCP), and be proficient at assessing the security of applications and infrastructures (not necessarily cloud hosted).