Cloud Hacks with Carlos Polop | 401 Access Denied Podcast Ep. 69

Cloud Hacks with Carlos Polop | 401 Access Denied Podcast Ep. 69

Join us: www.cybrary.it/?utm_source=youtube&utm_medium=vide…

Cloud services have made it easier for users to stay connected and access resources from anywhere. But how can we reduce the security risks resulting from on-premises-to-cloud infrastructure migration? Security researcher Carlos Polop returns to the 401 Access Denied Podcast to expose the most unexpected cloud security flaws commonly leveraged by adversaries. From tackling misconfigurations to enhancing security controls, we cover top risk mitigation strategies recommended by cloud penetration testers!

Check out Carlos' latest book on cloud hack tricks:
cloud.hacktricks.xyz/welcome/readme

Learn more about Purple Panda:
github.com/carlospolop/PurplePanda

Follow Carlos on GitHub and submit pull requests:
github.com/carlospolop

Join Carlos' Discord community:
discord.gg/hRep4RUj7f

Follow Carlos on Twitter:
twitter.com/carlospolopm

0:00 - Intro
3:25 - Initial Access
9:20 - Targeted Roles
13:18 - API Abuse
15:31 - Enumeration & PurplePanda
27:41 - Unexpected Risks
32:23 - Cloud Hack Tricks
38:50 - Risk Reduction
45:44 - Where to Start