
Cloud-Native Attack Detection and Simulation.


    Title: Cloud-Native Attack Detection and Simulation.

    The cloud brings a broad range of benefits from a security perspective, including network isolation by default, strong identity controls and unprecedented visibility. It does, however, bring many changes and unique challenges of its own when compared to an on-premise estate, with modern cloud environments making heavy use of containerisation, serverless functions and other new paradigms. As such, many of the data sources used for threat hunting and attack detection in traditional environments are no longer available. In addition, most attacks consist of abusing legitimate functionality, making it challenging at times to differentiate the malicious from the benign.

    Based on first-hand experience attacking and defending large enterprises, this talk will compare and contrast the benefits and challenges of attack detection in the cloud against on-premise detection, and highlight some of the key advantages, common pitfalls and key data sources. It will also offer advice and guidance on developing your own cloud attack detection capabilities in house.

    Lastly, it will present Leonidas, a cloud-native toolchain that allows users to easily define, simulate and detect new attack vectors and techniques against cloud environments, all tied back to the MITRE ATT&CK framework. This will include deploying and using Leonidas, constructing and executing an attack path end-to-end, and how to implement your own test cases. It will also cover integrating Leonidas into your detection stack to track improvement over time and support learning and skills development within your team.




    Speaker(s): Nick Jones

    Location: Cloud Vlg


    Event starts: 2020-08-09 12:30 (12:30 PM) PDT (UTC -07:00)

    Event ends: 2020-08-09 13:30 (01:30 PM) PDT (UTC -07:00)

    For the most up-to-date information, please either visit, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-08T05:44 (UTC).
    Last edited by aNullValue; August 8, 2020, 00:21.