Attacking Modern Environments Series: Attack Vectors on Terraform Environments- 1 min
I have given a talk about my latest research, “Attack Vectors on Terraform Environments”.
About the talk
Ever come across an environment in an engagement that uses Terraform for IAAC (infrastructure-as-code) management? Almost every modern company does now.
In this talk, I will be sharing techniques and attack vectors to exploit and compromise Terraform environments in engagements, as well as patterns that I have seen that achieve successful infrastructure takeover against companies. I will be also covering detection and prevention methods for each attack vector discussed in my talk.
This is part of my work-in-progress research in cloud security and attacking modern environments.
- Interview With the AppSec Podcast: Terraform Security
- tfquery: Run SQL queries on your Terraform infrastructure
- DDoS is not Dead: Building a Scalable DDoS Framework
- Interview with Sectastic Podcast: How I started, What is FullHunt, and How are Security Startups in the GCC Region
- Hacking Zoom: Uncovering Tales of Security Vulnerabilities in Zoom