BEGIN:VCALENDAR VERSION:2.0 PRODID:-//pretalx//cfp.nsec.io//E7LDLH BEGIN:VTIMEZONE TZID:EST BEGIN:STANDARD DTSTART:20001029T030000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z TZNAME:EST TZOFFSETFROM:-0400 TZOFFSETTO:-0500 END:STANDARD BEGIN:STANDARD DTSTART:20071104T030000 RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11 TZNAME:EST TZOFFSETFROM:-0400 TZOFFSETTO:-0500 END:STANDARD BEGIN:DAYLIGHT DTSTART:20000402T030000 RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z TZNAME:EDT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 END:DAYLIGHT BEGIN:DAYLIGHT DTSTART:20070311T030000 RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3 TZNAME:EDT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:pretalx-2026-E7LDLH@cfp.nsec.io DTSTART;TZID=EST:20260514T133000 DTEND;TZID=EST:20260514T163000 DESCRIPTION:Type: Intermediate–Advanced\nFocus: Adversary emulation\, det ection engineering\, IR workflows\nStyle: Fast\, offensive-defensive\, “ learn by attacking and defending”\n\n\nCloud platforms like Amazon Web S ervices (AWS) are foundational to many critical infrastructures and enterp rise applications\, making them prime targets for attackers. In this sessi on\, we will not only explore the most relevant attack vectors cybercrimin als use to compromise AWS infrastructures but will also simulate these att acks using known threat actor techniques in an adversary emulation context . From initial access to hardcore persistence\, this talk will provide a c omprehensive look at how attackers operate in AWS environments.\n\nWe will take a technical journey through the tactics\, techniques\, and procedure s (TTPs) employed by attackers at every stage of the threat lifecycle\, al igned with the MITRE ATT&CK framework. We’ll start by reviewing common m ethods of initial access\, such as exploiting exposed credentials or vulne rabilities in services like IAM\, Lambda\, and EC2. From there\, we’ll d etail how attackers escalate privileges\, move laterally\, and evade detec tion from tools like CloudTrail.\n\nThe session will conclude with an in-d epth look at advanced persistence techniques in AWS\, including the manipu lation of IAM policies\, backdooring Lambda functions or Docker containers \, and tampering with logs. Along the way\, we’ll demonstrate how securi ty teams can implement defensive and detection strategies to mitigate thes e risks. By leveraging AWS-native services and third-party tools\, attende es will learn how to enhance their incident response capabilities.\n\nThis hands-on workshop will give attendees practical\, technical insights into AWS security\, adversary behavior\, and how to better defend against soph isticated\, persistent attacks. A full hands-on experience\, this presenta tion ensures deep technical immersion.\n\nRequirements:\nParticipants shou ld have the following ready before the training:\nAWS CLI installed\nTerra form installed\nGitHub account for cloning lab repos\nKnowledge of AWS Sec urity Fundamentals\n\n\nAn email with detailed setup instructions will be sent beforehand.\nProvided Material:\nGithub Repository with the solution to the workshops\n\nFinal Notes\nThis training is designed for security en gineers\, SOC analysts\, incident responders\, and anyone who wants to tru ly understand AWS security through hands-on work. By the end of the sessio n\, you’ll have a deep understanding on how real attack and defense tech niques work in AWS\, being able to understand the hardening requirements\, replicate attacks\, generate detection use cases\, and execute forensic t echniques. DTSTAMP:20260507T212337Z LOCATION:Workshop 2 SUMMARY:AWS Security - The Purple Team Way. - Santiago Abastante URL:https://cfp.nsec.io/2026/talk/E7LDLH/ END:VEVENT END:VCALENDAR