Sanne Maasakkers, Senior Analyst, Mandiant (part of Google Cloud)
Talk: Researchers vs. Threat Actors in Cloud Attacks
Talks will be streamed on YouTube and Twitch for free.
Security researchers push the boundaries of what’s possible. (Nation-state) threat actors push the boundaries of what’s exploitable. In many cases, threat actors adopt public research for their operations, but there are also many examples where threat actors use novel techniques to compromise cloud environments before researchers publish their findings.
In this talk, a cloud security researcher and a threat intelligence analyst team up to explore how cutting-edge cloud attack research is rapidly weaponized by espionage threat groups. We’ll walk through real-world examples where newly published techniques – intended to educate defenders – were adopted and operationalized by nation-state actors targeting cloud environments. The focus of the talk will be on Entra ID and Microsoft 365 attacks, exploring the technical mechanics behind the tools and techniques, why threat actors are interested in using them, and real-world examples of research adoption. Examples of techniques covered include device code phishing, authorization code phishing (ConsentFix) and the adoption of open source security tools.
This session highlights how attack paths that may seem highly theoretical at first glance can pose a significant and immediate threat to organizations operating in the cloud. What starts as a proof-of-concept in a blog can quickly become a part of a threat actor’s playbook.