Misconfigured Cloud Assets

IAM Implementations: used to administer user and app authentication and authorised. If an attacker is able to manipulate a cloud-based IAM solution, it could be catastrophic for the organisation.
Federation Misconfigurations: federated authentication is a method of associating user identity across different systems. If the underlying protocols are misconfigured attackers could abuse this. For example, if applications are granting default permissions to unmapped users they could gain unauthorised access to systems.
Object Storage: insecure or incorrect configuration of cloud object storage services like AWS S3 buckets are often the cause of data breaches.
Containerisation Technologies: attacks against container deployments like Docker have led to data breaches in teh past. Active or passive recon can be carried out to find deployments which are widely exposing Docker daemon or Kubernetes elements to the internet.

Last updated 27 days ago

IAM Implementations: used to administer user and app authentication and authorised. If an attacker is able to manipulate a cloud-based IAM solution, it could be catastrophic for the organisation.
Federation Misconfigurations: federated authentication is a method of associating user identity across different systems. If the underlying protocols are misconfigured attackers could abuse this. For example, if applications are granting default permissions to unmapped users they could gain unauthorised access to systems.
Object Storage: insecure or incorrect configuration of cloud object storage services like AWS S3 buckets are often the cause of data breaches.
Containerisation Technologies: attacks against container deployments like Docker have led to data breaches in teh past. Active or passive recon can be carried out to find deployments which are widely exposing Docker daemon or Kubernetes elements to the internet.

Last updated 27 days ago