Cloud Village @ DEF CON 33
DEF CON 33 Cloud Village — talks and hands-on labs on AWS, Azure, GCP, Kubernetes, and serverless attack and defense.
- No Server, No Cry: the Ups and Downs of Building a Scalable Security Serverless Platform — Aviram
In this insightful talk from Cloud Village, Aviram, Co-founder and Chief Research and Innovation Officer at JIT, delves into the complexities and crucial considerations of securing a complete…
- Identity Crisis: The Unmanaged World of Azure Managed Identities — Alon Klayman, Eliraz Levi
In the rapidly evolving landscape of cloud security, **Azure Managed Identities** (MIs) have emerged as a cornerstone for securing inter-service communication within Microsoft Azure. This talk…
- Auths Gone Wild: When ‘Authenticated’ Means Anyone — Danielle Aminov, Yaara Shriki
In the rapidly expanding landscape of cloud computing, organizations increasingly rely on cloud service providers (CSPs) like AWS, GCP, and Azure to store their most sensitive data—from customer PII…
- Transforming Identity Protection: Innovating with AI and Attack Paths — Filipi Pires
In this insightful talk from Cloud Village, Filipi Pires, Head of Identity Advocate at Segura, delves into the critical and often overlooked realm of identity protection in cloud environments…
- No IP, No Problem: Exfiltrating Data Behind IAP — Ariel Kalman
In a compelling presentation at Cloud Village, Ariel Kalman, a Security Researcher at Mitiga, unveiled a novel data exfiltration technique targeting Google Cloud Platform's (GCP) **Identity-Aware…
- Command and KubeCTL: Kubernetes Security for Pentesters and Defenders — Mark Manning
In this Cloud Village talk, Mark Manning, a seasoned expert in container security, delves into critical, real-world attack scenarios targeting Kubernetes environments, specifically focusing on…
- May the Least Privilege Be With You — Marios Gyftos, Nikos Vourdas
In the evolving landscape of cloud security, organizations are increasingly aware of the need to secure user identities. However, a significant blind spot often remains: the security posture of…
- Hypervisor Hangover: Persistence Mechanisms on ESXi — JC (Crashwire), Nathan
In the Cloud Village talk "Hypervisor Hangover: Persistence Mechanisms on ESXi," cyber threat analysts JC (also known as Crashwire) and Nathan (Wham) delve into the critical, yet often overlooked…
- Weaponizing SageMaker AI: Real-World Offense in Machine Learning Platforms — Shani Peled
In this compelling talk from Cloud Village, Shani Peled, a Senior Cloud Security Researcher at Sentinel One, unveiled a series of critical security vulnerabilities stemming from the default…
- Exploring The Possibilities of Azure Fabric Abuses — Viktor Gazdag
In this insightful talk at Cloud Village, Viktor Gazdag, a Principal Security Consultant at NCC Group, delved into the often-overlooked security implications of Microsoft Azure Fabric. Azure Fabric…
- Uncovering Hidden Threats: The Risks of Dangling Issuers in Federated Credentials — Gautam Peri
Gautam Peri, a Senior Security Engineer at Microsoft, delivered a highly technical talk at Cloud Village titled "Uncovering Hidden Threats: The Risks of Dangling Issuers in Federated Credentials."…
- Restless Guests: From Subscription to Backdoor Intruder — Simon Maxwell-Stewart
In "Restless Guests: From Subscription to Backdoor Intruder," Simon Maxwell-Stewart unveils a critical, often overlooked attack vector within Microsoft Azure environments. The talk details how a…
- TencentGoat: An Intentionally Vulnerable Tencent Cloud Environment — Muhammad Yuga Nugraha
In an insightful talk at Cloud Village, Muhammad Yuga Nugraha introduced **TencentGoat**, an intentionally vulnerable environment designed to explore security weaknesses within Tencent Cloud. As…
- SquarePhish 2.0 - Turning QR Codes into Entra ID Primary Refresh Tokens — Nevada, Kam
In this insightful talk at Cloud Village, Nevada and Kam from CrowdStrike unveiled **SquarePhish 2.0**, an advanced phishing framework designed to weaponize QR codes for the acquisition of **Primary…
- Sweet Deception: Designing Effective M365 Honey Tokens — Ryan O'Donnell
- Building the Cross-Cloud Kill Chain: A DE's Playbook for AWS, Azure & GCP Detections — Gowthamaraj
In an era where enterprises increasingly adopt **multi-cloud strategy**, securing diverse cloud environments has become a paramount challenge for defenders. This talk by Gowthamaraj, a Threat…
- Spotter - Universal Kubernetes Security Engine — Madhu Akula
Madhu Akula's talk at Cloud Village introduced Spotter, an innovative open-source tool designed to serve as a universal security engine for Kubernetes environments. Spotter aims to bridge the…
- Threat Modelling at Scale: Breaking Down Cloud Complexity — Hanna Papirna, Emma Yuan Fang
In the rapidly evolving landscape of cloud-native applications, traditional threat modeling approaches often fall short, leaving organizations vulnerable to sophisticated attacks. This talk by Hanna…
- whoAMI: Discovering and exploiting a large-scale AMI name confusion attack — Seth Art
In this compelling talk at Cloud Village, Seth Art, a Security Advocate and Researcher at DataDog, unveiled a significant security vulnerability dubbed "whoAMI" – a large-scale name confusion attack…
- Quickstart for a Breach! When Official Installations Expose Your K8 and Your Cloud — Michael, Yossi
This talk, presented by Yossi Suman and Michael Kachinski from the Microsoft Defender for Cloud research team, delves into a critical and often overlooked security vulnerability: **default…
- Cognito, Ergo Some Extra Permissions — Leo Tsaousis
In his Cloud Village talk, "Cognito, Ergo Some Extra Permissions," Leo Tsaousis, a Senior Security Consultant at Reverse, unveiled a critical vulnerability within AWS CloudWatch Dashboards that…
- Weaponizing SSM: Practical Exploits and Hardening Techniques for AWS — Rodrigo Montoro
In his compelling talk at Cloud Village, Rodrigo Montoro, Director of Research at Clouds, delved into the often-underestimated security implications of AWS Systems Manager (SSM). Titled "Weaponizing…
- Closing Note — Jayesh Singh Chauhan
Jayesh Singh Chauhan's "Closing Note" delivered at Cloud Village served as the definitive wrap-up for the 2023 iteration of the conference. Rather than presenting new technical research or a…
- Don't trust Rufus, he's a mole - introducing KIEMPossible — Golan Myers
In his Cloud Village talk, "Don't trust Rufus, he's a mole - introducing KIEMPossible," Golan Myers, a Security Researcher at Palo Alto Networks, delves into the intricate and often opaque world of…
- Braving the Storm-2372: The Tempest Decoded — Jenko Hwong
Jenko Hwong's Cloud Village talk, "Braving the Storm-2372: The Tempest Decoded," provides a critical and in-depth analysis of the Microsoft-attributed Storm-2372 attack campaign. While Microsoft's…
- TryHackMe - Azure Purple Teaming: Emulating and Detecting Cloud TTPs
Arisano's talk at Cloud Village, titled "TryHackMe - Azure Purple Teaming: Emulating and Detecting Cloud TTPs," provided a hands-on workshop demonstrating the critical practice of **purple teaming**…
- Cryptojacking in the Cloud: Investigating Attacks on Container Clusters — Adelia Ibragimova
Adelia Ibragimova’s workshop, "Cryptojacking in the Cloud: Investigating Attacks on Container Clusters," at Cloud Village, offered attendees a unique, hands-on opportunity to engage with a critical…
- Hacking Kubernetes — Benjamin Koltermann
In his Cloud Village talk, "Hacking Kubernetes," Benjamin Koltermann provides a comprehensive exploration of common security vulnerabilities and misconfigurations within Kubernetes environments. The…
- Exploiting Public AWS Resources — Eduard Agavriloae
In the ever-expanding landscape of cloud computing, Amazon Web Services (AWS) stands as a dominant platform, offering a vast array of services. However, the flexibility and power of AWS also…
- Prowler - Maximize your Cloud Security Compliance Assessments with Open Source and a pinch of AI
In this comprehensive talk at Cloud Village, Toni de la Fuente, CEO and Founder of Prowler, unveiled how the open-source cloud security tool, Prowler, is revolutionizing compliance assessments and…
- Conversational Security engineering across your aws cloud infrastructure — Saransh Rana
In this insightful talk from Cloud Village, Saransh Rana, a Staff Security Engineer at Grid, introduces the **AWS Security MCP Server**, a novel approach to **conversational security engineering**…
- Doing bad things for the right reasons: Vulnerability Disclosure at Amazon and AWS
This comprehensive talk, "Doing bad things for the right reasons: Vulnerability Disclosure at Amazon and AWS," delves into the intricate world of vulnerability disclosure from both the vendor and…
- Kubernetes Security Scanner — Krishna Priya
In this Cloud Village talk, Krishna Priya introduces and demonstrates a custom-built, open-source **Kubernetes security scanner**. The presentation provides a step-by-step guide on deploying this…
- Level Up Your CI/CD: Building a secure pipeline with OSS — Andoni Alonso Fernández, Paco Sanchez
In this comprehensive talk titled "Level Up Your CI/CD: Building a secure pipeline with OSS" at Cloud Village, Andoni Alonso Fernández and Paco Sanchez, both formerly working together and now with…
- Pwning AWS: Exploiting Cloud Misconfigurations
This talk, "Pwning AWS: Exploiting Cloud Misconfigurations," delivered by Bhagwan Bolina and Deepak at Cloud Village, provides an insightful introduction to the world of AWS penetration testing…
- SESNSploit: Red Team Exploitation of AWS SES and SNS Misconfigurations — Mohd. Arif, Gaurav Joshi
This talk introduces **SESNSploit**, a specialized red team tool designed to identify and exploit common misconfigurations within Amazon Web Services' **Simple Notification Service (SNS)** and…
- The Misconfig Matrix: From Chaos to Control
In "The Misconfig Matrix: From Chaos to Control," Ritwick and Harry P. tackle the pervasive challenge of managing security in complex, multi-cloud environments. The talk addresses the overwhelming…
- NoPrompt: Exposing Conditional Access Failures in Azure — Saksham Agrawal
Conditional Access (CA) policies are a cornerstone of modern identity and access management within Microsoft Azure and Microsoft 365 environments. Designed to enforce security requirements like…