Post compromise: Uncovering Clouds and Assessing at Lightning Speed Karim El Melhaoui

Описание: In the aftermath of a major cyber incident, we faced an unexpected challenge: uncovering and securing cloud environments scattered across the organization. This talk shares the journey of discovery, assessment, and governance implementation for four different cloud providers during a post-compromise rebuild.

We’ll detail how we leveraged Python, PowerShell, REST APIs, and even duct tape to:

Identify shadow cloud subscriptions while only having a out of band environment
Rapidly assess security postures across multiple cloud platforms
Implementing a minimal viable architecture and governance

Speed was of the essence. We’ll discuss the tools, techniques, and improvised solutions that allowed us to act swiftly during an incident response. We will dive into practical strategies for turning chaos into order when time is critical.


Karim El-Melhaoui:
Karim is a renowned thought leader within cloud security. At O3 Cyber, he conducts research and development. Karim focuses on our clients in the Financial Industry and Enterprise customers. Karim has a background in building and operating platform services for security on private and public clouds, developing and executing a cyber security strategy for the worldʼs largest sovereign wealth fund.

------

BSides Oslo is an independent, community-driven inclusive information security conference. As a part of the global Security BSides network, the conference creates a space for members of the international and local information security communities to come together and share their knowledge and experiences. BSides Oslo is intended for anyone who works with, studies or has an in interest in infosec.