New Azure Configuration Scanner tool and Common Attack Chains in the Cloud
In Feb 2018 the Center for Internet Security (CIS) released their Azure Foundation Benchmark 1.0. Praetorian has been using this in pentration tests and built an automated scanner which will be open-sourced in the coming weeks. We will cover the capabilities of the scanner as well as common mis-configurations, weaknesses and attack chains in the cloud.
Kesten Broughton has a combined honours degree in Math and Physics from the University of British Colombia in Canada. He is a mentor for the Stanford Machine Learning Coursera Course and has spent the last six years in the field of DevOps at various companies in Austin Texas. Kesten has focused on delivering automated, monitored and secured deployments in cloud and bare-metal environments. He has a passion for automation and orchestration tools like Ansible, Terraform, Docker, Kubernetes, Hashicorp Vault, Jenkins, Visual Studio and PowerShell. He has worked on teams responsible for 1000+ vms with a monthly regeneration cycle of highly tuned custom-built images with seamless auto-failover. His work at Praetorian ranges from source code review, to data protection defenses, web pen-testing and cloud architecture reviews. His interests include machine learning, cryptography, secure software review and research and development of new cloud security automation tools. Kesten is passionate about the corporate security journey of finding security issues, identifying best tools and practices and building capacities with clients.
- Azure Austin Meetup 42 Recordings
- Cloud Security 1 Recording