Hack the Cloud Hack the Company: the Cloud Impact on Enterprise Security
Kevin Dunn at AppSec USA 2015
iSEC Partners routinely carry out Attacker Modeled Penetration Tests that use any and all means possible to gain entry to a company. The goal is to test organizations against true-to-life attack and penetration activities that real attackers use in the breaches that make headline News (and the breaches that don't).
Organizations that use Cloud Services to provision an operating environment to support a product, or use Cloud Service Providers to outsource elements of traditional enterprise IT into the Cloud, can find those very aspects used against them in an attack. While the potential attack surface for a breach changes, in many ways the use of Cloud infrastructure can make it easier for an attacker to gain access to critical systems and data. In this session the speaker will describe methods of penetration used during recent tests, illustrating how Cloud Services are viable entry points that lead to significant compromises.
Kevin Dunn
Technical VP, NCC Group
Kevin Dunn is Technical Vice President for NCC Group in Austin, TX. Kevin has been a professional security consultant for over 14 years, working on diverse projects and challenging technologies for the world’s largest and most demanding companies. He has delivered technical training and spoken at security conferences all over the USA and Europe across the majority of his career. His current responsibilities include active delivery of security projects, while managing a talented highly technical team of Pentesters. Kevin works closely with Fortune 100 companies, covering Oil & Gas, Finance and Software sectors, developing strategic security assessment and advisory services for NCC Group from his office base of operations in Austin.
Organizations that use Cloud Services to provision an operating environment to support a product, or use Cloud Service Providers to outsource elements of traditional enterprise IT into the Cloud, can find those very aspects used against them in an attack. While the potential attack surface for a breach changes, in many ways the use of Cloud infrastructure can make it easier for an attacker to gain access to critical systems and data. In this session the speaker will describe methods of penetration used during recent tests, illustrating how Cloud Services are viable entry points that lead to significant compromises.
Kevin Dunn
Technical VP, NCC Group
Kevin Dunn is Technical Vice President for NCC Group in Austin, TX. Kevin has been a professional security consultant for over 14 years, working on diverse projects and challenging technologies for the world’s largest and most demanding companies. He has delivered technical training and spoken at security conferences all over the USA and Europe across the majority of his career. His current responsibilities include active delivery of security projects, while managing a talented highly technical team of Pentesters. Kevin works closely with Fortune 100 companies, covering Oil & Gas, Finance and Software sectors, developing strategic security assessment and advisory services for NCC Group from his office base of operations in Austin.