Editor's Picks

Best Talks at Cloud Village @ DEF CON 33

Hand-picked from in-depth reviewer verdicts — the top 12 talks from this conference. Skip the noise, find the signal.

← All talks at Cloud Village @ DEF CON 33

  1. 1

    Identity Crisis: The Unmanaged World of Azure Managed Identities

    Alon Klayman, Eliraz Levi

    In the rapidly evolving landscape of cloud security, **Azure Managed Identities** (MIs) have emerged as a cornerstone for securing inter-service communication within Microsoft Azure. This talk, "Identity Crisis: The Unmanaged World of Azure Managed Identities," delivered by…

    0 Dr. Zero STRONG ACCEPT ★★★★☆ H Heather Calloway SOLID ★★★☆☆
  2. 2

    No IP, No Problem: Exfiltrating Data Behind IAP

    Ariel Kalman

    In a compelling presentation at Cloud Village, Ariel Kalman, a Security Researcher at Mitiga, unveiled a novel data exfiltration technique targeting Google Cloud Platform's (GCP) **Identity-Aware Proxy (IAP)**. Titled "No IP, No Problem: Exfiltrating Data Behind IAP," the talk…

    0 Dr. Zero STRONG ACCEPT ★★★★☆ H Heather Calloway SOLID ★★★☆☆
  3. 3

    Weaponizing SageMaker AI: Real-World Offense in Machine Learning Platforms

    Shani Peled

    In this compelling talk from Cloud Village, Shani Peled, a Senior Cloud Security Researcher at Sentinel One, unveiled a series of critical security vulnerabilities stemming from the default configurations of AWS SageMaker. Titled "Weaponizing SageMaker AI: Real-World Offense in…

    0 Dr. Zero STRONG ACCEPT ★★★★☆ H Heather Calloway SOLID ★★★☆☆
  4. 4

    Uncovering Hidden Threats: The Risks of Dangling Issuers in Federated Credentials

    Gautam Peri

    Gautam Peri, a Senior Security Engineer at Microsoft, delivered a highly technical talk at Cloud Village titled "Uncovering Hidden Threats: The Risks of Dangling Issuers in Federated Credentials." This presentation sheds light on a critical, yet often overlooked, vulnerability…

    0 Dr. Zero STRONG ACCEPT ★★★★☆ H Heather Calloway SOLID ★★★☆☆
  5. 5

    Restless Guests: From Subscription to Backdoor Intruder

    Simon Maxwell-Stewart

    In "Restless Guests: From Subscription to Backdoor Intruder," Simon Maxwell-Stewart unveils a critical, often overlooked attack vector within Microsoft Azure environments. The talk details how a Business-to-Business (B2B) guest user, despite possessing minimal or no explicit…

    0 Dr. Zero STRONG ACCEPT ★★★★☆ H Heather Calloway SOLID ★★★☆☆
  6. 6

    SquarePhish 2.0 - Turning QR Codes into Entra ID Primary Refresh Tokens

    Nevada, Kam

    In this insightful talk at Cloud Village, Nevada and Kam from CrowdStrike unveiled **SquarePhish 2.0**, an advanced phishing framework designed to weaponize QR codes for the acquisition of **Primary Refresh Tokens (PRTs)** from Microsoft Entra ID (formerly Azure Active…

    0 Dr. Zero STRONG ACCEPT ★★★★☆ H Heather Calloway SOLID ★★★☆☆
  7. 7

    whoAMI: Discovering and exploiting a large-scale AMI name confusion attack

    Seth Art

    In this compelling talk at Cloud Village, Seth Art, a Security Advocate and Researcher at DataDog, unveiled a significant security vulnerability dubbed "whoAMI" – a large-scale name confusion attack targeting Amazon Machine Images (AMIs). This attack, which leverages insecure…

    0 Dr. Zero STRONG ACCEPT ★★★★☆ H Heather Calloway SOLID ★★★☆☆
  8. 8

    Braving the Storm-2372: The Tempest Decoded

    Jenko Hwong

    Jenko Hwong's Cloud Village talk, "Braving the Storm-2372: The Tempest Decoded," provides a critical and in-depth analysis of the Microsoft-attributed Storm-2372 attack campaign. While Microsoft's February 2023 update initially highlighted **device code phishing**, Hwong argues…

    0 Dr. Zero STRONG ACCEPT ★★★★☆ H Heather Calloway SOLID ★★★☆☆
  9. 9

    Auths Gone Wild: When ‘Authenticated’ Means Anyone

    Danielle Aminov, Yaara Shriki

    In the rapidly expanding landscape of cloud computing, organizations increasingly rely on cloud service providers (CSPs) like AWS, GCP, and Azure to store their most sensitive data—from customer PII to proprietary secrets. Ensuring the privacy and security of this data is…

    0 Dr. Zero SOLID ★★★☆☆ H Heather Calloway SOLID ★★★☆☆
  10. 10

    May the Least Privilege Be With You

    Marios Gyftos, Nikos Vourdas

    In the evolving landscape of cloud security, organizations are increasingly aware of the need to secure user identities. However, a significant blind spot often remains: the security posture of **service principals** and **enterprise applications** within cloud environments…

    0 Dr. Zero SOLID ★★★☆☆ H Heather Calloway SOLID ★★★☆☆
  11. 11

    Sweet Deception: Designing Effective M365 Honey Tokens

    Ryan O'Donnell

    0 Dr. Zero SOLID ★★★☆☆ H Heather Calloway SOLID ★★★☆☆
  12. 12

    Building the Cross-Cloud Kill Chain: A DE's Playbook for AWS, Azure & GCP Detections

    Gowthamaraj

    In an era where enterprises increasingly adopt **multi-cloud strategy**, securing diverse cloud environments has become a paramount challenge for defenders. This talk by Gowthamaraj, a Threat Detection Engineer at Meta, delves into the intricacies of building robust detection…

    0 Dr. Zero SOLID ★★★☆☆ H Heather Calloway SOLID ★★★☆☆

View all talks at Cloud Village @ DEF CON 33 →