AppSecCali 2019 - Detecting Credential Compromise in AWS - Will Bengtson

NUTNN7W4Pro/default.jpg

Credential compromise in the cloud is not a threat that one company faces, rather it is a widespread concern as more and more companies operate in the cloud. Credential compromise can lead to many different outcomes depending on the motive of the attacker who compromised the credentials. In some cases in the past, it has led to erroneous AWS service usage for bitcoin mining or other non-destructive yet costly abuse, and in others it has led to companies shutting down due to the loss of data and infrastructure.

This presentation describes an approach for detection of compromised credentials in AWS without needing to know all IPs in your infrastructure beforehand.


Will Bengtson
Senior Security Engineer, Netflix
Will Bengtson is senior security engineer at Netflix focused on security operations and tooling. Prior to Netflix, Bengtson led security at a healthcare data analytics startup, consulted across various industries in the private sector, and spent many years in the Department of Defense.

-

Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...

NUTNN7W4Pro/default.jpg
AppSecCali 2019 - Detecting Credential Compromise in AWS - Will Bengtson AppSecCali 2019 - Detecting Credential Compromise in AWS - Will Bengtson Reviewed by Unknown on March 27, 2019 Rating: 5