Скачать или смотреть Source IP Spoofing in Cloud Logs: A Hands-On Look Across AWS, Azure, and GCP

Source IP Spoofing in Cloud Logs: A Hands-On Look Across AWS, Azure, and GCP

Скачать Source IP Spoofing in Cloud Logs: A Hands-On Look Across AWS, Azure, and GCP бесплатно в качестве 4к (2к / 1080p)

У нас вы можете скачать бесплатно Source IP Spoofing in Cloud Logs: A Hands-On Look Across AWS, Azure, and GCP или посмотреть видео с ютуба в максимальном доступном качестве.

Для скачивания выберите вариант из формы ниже:

Информация по загрузке:

Cкачать музыку Source IP Spoofing in Cloud Logs: A Hands-On Look Across AWS, Azure, and GCP бесплатно в формате MP3:

Если иконки загрузки не отобразились, ПОЖАЛУЙСТА, НАЖМИТЕ ЗДЕСЬ или обновите страницу
Если у вас возникли трудности с загрузкой, пожалуйста, свяжитесь с нами по контактам, указанным в нижней части страницы.
Спасибо за использование сервиса video2dn.com

Описание к видео Source IP Spoofing in Cloud Logs: A Hands-On Look Across AWS, Azure, and GCP

Source IP Spoofing in Cloud Logs: A Hands-On Look Across AWS, Azure, and GCP
Eliav Livneh

Abstract:
A few years ago, I stumbled across something odd in AWS: by combining VPC endpoints with customizable internal IP ranges, an attacker with stolen credentials could make API calls that show up in the victim’s logs with whatever source IP they wanted. No packet trickery - just using AWS as designed.
Recently, I revisited this idea and tried to pull off the same thing in Azure and GCP. Along the way, I learned a lot, found a bug in cross-tenant issuer validation, and came away with a much clearer picture of how each cloud handles internal control-plane API calls made using identities from other tenants.
In this talk, I’ll walk through:
How the technique works in principle: combining within-VPC cloud API access and flexible control over internal IPs.
How the ability to use identities from one tenant to call the cloud control plane in another (not cross-tenant resource access!) works differently in each cloud - and how that affects the technique.
What this means for real-world abuse potential: in AWS it’s feasible but detectable, in Azure it’s mostly a no-op, and in GCP... 🤦
And finally, how to detect it: which log fields to look at, and how to distinguish this behavior from legitimate activity.
If you join, expect a technically detailed walkthrough of what happened when I tried to force-fit the same theoretically portable idea into three clouds with very different architectures - and the lessons learned.

Eliav Livneh:
Eliav Livneh is a cybersecurity expert with over twelve years of defensive and offensive security experience. He is a founding researcher at Token, specializing in identity security. Prior to Token, Livneh spent five years in the elite 8200 unit of the Israel Defense Forces' Intelligence Corps, and four years as a founding researcher at Hunters, focusing on AWS threat detection and response. Livneh has a piano cover channel on YouTube, enjoys cycling, and is a geoscience enthusiast.

Recorded at fwd:cloudsec Europe 2025
https://fwdcloudsec.org/

Комментарии

Информация по комментариям в разработке