CLOUD VILLAGE @ DEF CON 33 8th Aug - 10th Aug 2025

Spotter is a groundbreaking open-source tool or solution designed to secure Kubernetes clusters throughout their lifecycle. Built on the native tooling of Kubernetes by leveraging CEL (Common Expression Language) for policy definitions, we can define unified security scanning across development, CLI, CI/CD, Admission Controllers, deployments, runtime, and continuous monitoring. Its unique approach enables both enforcement and monitoring modes, ensuring that policies can be applied consistently and mapped directly to industry standards such as CIS, MITRE ATT&CK, etc.

Spotter provides extreamly high flexbility across all Kubernetes phases, providing an innovative approach that no other open-source or commercial solution can replicate. It seamlessly bridges security, DevOps, and platform teams, effectively solving the real-world challenges faced by day-to-day operations.

About The Speaker

Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by-design Kubernetes Cluster to learn and practice Kubernetes Security. He is a published author and Cloud Native Security Architect with extensive experience. Also, he is an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc). He holds industry certifications like CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), OSCP (Offensive Security Certified Professional), etc.

Madhu frequently speaks and runs training sessions at security events and conferences worldwide including DEFCON 24, 26, 27, 28, 29, 30, 31 & 32, BlackHat USA, ASIA, EU (2018, 19, 21, 22, 23 & 24), USENIX LISA 2018, 19 & 21, SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, Github Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20, 21, 22, 23), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon 2018, 19, 21 & 22, SACON, Serverless Summit, null and multiple others.

His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc. and is credited with multiple CVEs, Acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, and Practical Ansible2 books by Packt Pub. Also won 1st prize for building an Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.

Big data, big mess. Bigger and more data is in Fabric, the more messy it can be. Azure unified the data lake house, data warehouse and PowerBI services into a SaaS platform called Fabric. In this talk, we discuss the three areas in the tenant level settings to look after and not to open up Fabric to everything. Then we will discuss data exfiltration scenarios (like data pipeline or notebook etc), how is it possible to create backdoor account (i.e.: Activator).

Intro - 1min

Who am I and what is Fabric.

Tenant Level Settings to Review - 4mins

Selecting the top 3 tenant level areas (External Data Sharing, Admin API calls, Information Protection) to review why they can be dangerous.

Data Exfiltration via Data Pipeline, Notebook, Shortcut, SQL Endpoint, Mirrored Db - 12mins

Discussing the possibilities of how data pipeline can automatically copy data from our own tenant's source to a destination in a different tenant. SQL Endpoint is automatically created for reading purposes. Guest account in Entra ID can be added to the workspace as viewer and using SQL Server Management Studio (SSM) to open SQL analytics endpoint. Mirrored Database is automatically synchronize data between 2 database where the destination can be an external tenant. A notebook is all about executing code and handling existing data (handing out the data).

Demo video about a pipeline copy to another tenant storage account.

Backdoor via Activator (Notebook, Power Automate, Scheduled Spark Job) - 13mins

Discussing how the Activator can be used to create a backdoor user via executing python code via Notebook, Scheduled Spark Job or low-code Power Automate.

Demo video (8mins) demonstrating how a backdoor account is created by using Activator to run a Notebook which executes Azure Python SDK code.

About The Speaker

Viktor Gazdag has worked as pentester and security consultant for 9 years, lead cloud research working group and M365 capability service. He has reported numerous vulnerabilities in products and plugins from companies such as Oracle, SAP, Atlassian, Jenkins, CloudBees Jenkins, JetBrains, Sonatype. He gave talks about CI/CD and Cloud security at DevOps World, Black Hat USA, DefCon and DoD CyberDT XSWG. He holds multiple AWS/Azure/GCP, Infra as Code, DevOps and Hacking certs and Jenkins Security MVP award.

Get ready for a live demo of full-blown cloud compromise - starting from an innocent-looking SageMaker AI notebook and ending in complete AWS account takeover. Using nothing more than the default SageMaker AI setup granted to data scientists, this session showcases how attackers can chain together misconfigurations across IAM, SecretsManager, ECR, and network layers to take control of the environment from the inside out.

But that’s just the beginning.

This talk also features the exclusive release of a new open source tool- the first offensive framework built to simulate and execute post-exploitation in SageMaker AI environments. Red teams can weaponize it. Defenders can validate exposures. Either way, it shines a spotlight on one of the cloud’s most overlooked attack surfaces: managed AI infrastructure.

Drawing on real-world experience from offensive operations against cloud environments around the world - including enterprise and nation-level targets - this session breaks down how AI services like SageMaker AI are quietly becoming powerful post-exploitation platforms.

SageMaker AI was designed to train models, not attackers - but with its comfort-first design, permissive defaults, and excessive trust relationships, it quietly offers everything needed for stealthy lateral movement and infrastructure-wide compromise.

This talk is for red teamers, defenders, and anyone building or securing ML workloads in the cloud. Expect real attack chains, real tools, and a view into how attackers are targeting AI infrastructure in the wild - and why most environments aren't ready for it.

About The Speaker

Shani Peled is a Senior Cloud Security Researcher at SentinelOne. She began her career in the Israeli Intelligence Corps, where she served as the only female hacker on her cyber defense team. After two years defending critical infrastructure, she transitioned into offensive security, spending four years as a red teamer targeting enterprise environments around the world — including multiple Fortune 500, Fortune 100, and Fortune 50 companies. Today, she brings that offensive mindset to cloud and AI research, focusing on exposing real-world threats in modern cloud infrastructure.

Traditional detection methods struggle to keep pace with evolving attacker tactics in cloud environments like Microsoft 365. To level the playing field, organizations can implement honeypots and honey tokens strategically within their M365 infrastructure, turning the complexity of cloud services to their advantage. By creating deliberately enticing yet closely monitored decoys, defenders can proactively detect attacker reconnaissance and exploitation attempts.

This session outlines effective strategies for deploying M365 honeypots and honey tokens, emphasizing low false-positive rates and high data quality. Leveraging Exchange, SharePoint, Teams, and Application-specific tokens, attendees will learn to craft attractive, attacker-oriented traps integrated seamlessly into their security monitoring pipelines. Advanced deception techniques, including breadcrumb trails leading adversaries into highly monitored secondary environments, will also be discussed.

Through live demonstrations, participants will gain valuable insights into how deception techniques can be applied within Microsoft 365 environments. They will learn how to design and implement these strategies in their own environments to strengthen detection capabilities against sophisticated adversaries.

This presentation is the culmination of extensive hands-on research and practical application in both penetration testing and defensive detection engineering. By leveraging actual techniques observed in real-world attacks, this talk bridges offensive innovation with proactive defensive strategies. Attendees will receive detailed methodologies to effectively set up, deploy, and monitor M365-specific honeypots.

About The Speaker

Ryan O'Donnell is a Senior Offensive Security Engineer at Microsoft. Over the last 13+ years, he's been performing Penetration Tests, Red Team assessments, and Incident Response investigations. Ryan has conducted hands-on workshops at Hack Space Con, Hack Red Con, BSides Las Vegas, and BSides NoVa. Ryan has a Masters in Cybersecurity from GMU and the following certifications: OSCP, OSEP, CRTO, and GREM.

Trying to trace an attacker pivoting from AWS to Azure to GCP often feels like building detections in silos while attackers exploit the seams. As detection engineers (DEs), we know the pain: scattered logic, cloud-specific alerts, and a fragmented view. We need to move beyond individual events and reconstruct the cross-cloud kill chain to see the full attack.

This DEF CON Lightning Talk is a practical DE playbook for AWS, Azure, and GCP. No fluff, just 'how-to' for building detections that connect the dots across clouds.

In ~15 minutes, we’ll cover:

Cross-Cloud TTPs: How attackers really pivot between AWS, Azure & GCP in 2025 and the patterns they leave.

Mapping Logs to Kills: Identifying essential logs (CloudTrail, Azure AD, GCP Audit, etc.) and mapping them to attack stages.

Crafting Correlation Rules: Real SIEM examples (Sentinel/Chronicle/etc.) for stitching events together – think 'Azure Risky Login' + 'AWS Role Use' = P1 Alert.

Actionable DE Strategies: Threat intel integration, baselining cross-cloud activity, and building high-fidelity alerts.

Automation & OCSF: Streamlining ingestion and normalization so you can focus on the hunt.

If you write detection rules or hunt threats in a multi-cloud mess, this is for you. You'll leave with actionable TTPs, correlation logic examples, and a clear path to building detections that reveal the entire cross-cloud kill chain. Let's build better traps.

About The Speaker

Gowthamaraj Rajendran is a cybersecurity professional and Threat Detection Engineer at Meta, with over 4 years of experience. For the past 2 years, he has specialized in creating precise and effective detection capabilities.

SquarePhish 2.0 - Turning QRCodes into Single Sign On Primary Refresh Tokens
Introduction to Device Code Phishing
- Evolution of phishing techniques and their current relevance
- Recent increase in threat actor adoption
- Overview of advancements in token exploitation techniques
OAuth Authentication Fundamentals
- OAuth 2.0 authorization framework overview
- Device code flow explanation and legitimate use cases
- Access tokens vs. refresh tokens: purpose and security implications
QR Codes in Phishing Attacks
- How QR codes facilitate social engineering
- Advantages over traditional phishing links
- User psychology and trust in QR authentication processes
Microsoft Entra ID Token Ecosystem
- Family of Client ID (FOCI) explanation
- Primary Refresh Tokens (PRTs): the ultimate persistence goal
- Token relationships and privilege escalation paths
SquarePhish Tool Demo
- Architecture and components overview
- Decoupling initial contact from authentication flow
- Overcoming the 15-minute timeout limitation
- Two-phase email approach
- Demonstration of the email and server modules
- Configuration and customization options
New SquarePhish Techniques
- Broker authentication client phishing implementation and template
- Automatic registration of Primary Refresh Tokens
Detection and Prevention Strategies
- Detection via logging and SIEM rules
- Conditional Access policies to mitigate device code attacks
- Disable device code flow
- User awareness training specific to QR phishing

About The Speaker

Throughout his career in information security, Nevada has experience in various roles, including security analyst, security architect, penetration tester, and security researcher.  He is currently a Senior Security Researcher on the NG-SIEM Threat Research team at CrowdStrike.

Federated Credentials are one of the ways to authenticate workload identities and provide access to resources using Open ID Connect (OIDC), and major identity providers such as Entra ID (formerly known as Azure AD) support authentication using federated credentials. Developers set up a trust relationship between federated identity providers and workload identities. Often times due to a misconfiguration or lack of understanding of federated credentials security risks, developers have dangling domains configured as issuer in the setup. Due to the inherent trust relationship configured with the federated identity provider, an attacker can take over the dangling issuer domain, host OIDC discovery endpoints and obtain access tokens to elevate privileges.

This talk aims to highlight the risks of dangling issuers and demonstrates how an attacker can exploit them to elevate privileges. In addition, the talk also covers mitigations and best practices and provides tools to identify these misconfigurations.  The demos used in this session leverage Microsoft Entra ID as the identity provider and Azure as the cloud hosting platform. However, the key takeaways are generic and are applicable to other cloud environments and identity providers.

Key concepts covered in the talk are as follows:
Introduction
Speaker intro
Overview of federated credentials in Entra ID (Azure AD) & other identity providers
Federated Credentials 101 in Entra Id (Azure AD)
Legitimate use case:
Federated credentials setup
How do workload identities authenticate with federated credentials?

Dangling Issuers in federated credentials
What causes the dangling issuers in federated credentials?
How can an attacker abuse dangling Issuers?
Pre-requisites for the attack scenario
Dangling Issuer domain take over, host OIDC discovery metadata & steps to obtain access tokens
Use tokens to access resources

How to identify dangling Issuers in federated credentials?
Provide guidance to identify dangling issuers using Graph APIs

Mitigations & best practices
How to prevent dangling issuers?
Tenant level policies to prevent token issuance from untrusted issuers

Future work
Research on other identity provider Federated Credentials

About The Speaker

Gautam Peri is a Senior Security Engineer in EPSF SERPENT (Service Pentest) team at Microsoft. He has over 9 years of experience as a security professional in multiple organizations including Microsoft and Citibank N.A. He started his career as a software developer and became a security professional. Currently, Gautam focuses on securing Azure Edge & Platform and Windows & Devices services at Microsoft. He is passionate about identifying vulnerabilities at scale. Gautam presented a workshop at DEF CON 32 and a speaker at OWASP BASC (Boston Application Security Conference) 2024. Gautam holds CISSP & GCPN certifications, he is committed to continuous learning and development and drives internal knowledge share events.

Cloud misconfigurations often create unexpected attack vectors, exposing sensitive resources and allowing attackers to escalate privileges or gain unauthorized access. In this session, we’ll explore common security misconfigurations in Tencent Cloud using TencentGoat, an intentionally vulnerable cloud environment designed for hands-on learning.

We’ll explore how these misconfigurations typically occur, how TencentCloud might unintentionally leave security gaps, and how attackers exploit these weaknesses using well-known cloud attack techniques.

About The Speaker

Muhammad Yuga Nugraha is an experienced DevSecOps engineer at Practical DevSecOps, specializing in research and development in areas such as DevSecOps, Cloud Security, and Cloud Native Security. He has co-authored notable certifications like the Certified Container Security Expert (CCSE), Certified Cloud Native Security Expert (CCNSE), and Certified Software Supply Chain Expert (CSSE).

Yuga frequently speaks at industry events including PyCon (APAC 2024, SG 2025), AWS Community Day Indonesia 2024, KCD Indonesia 2024 and delivers training sessions for government bodies and telecom companies. Additionally, he holds certifications including CDP (Certified DevSecOps Professional), and becoming a Kubestronaut.

Through novel research our team uncovered a critical vulnerability in Azure's guest user model, revealing that guest users can create and own subscriptions in external tenants they've joined—even without explicit privileges. This capability, which is often overlooked by Azure administrators, allows attackers to exploit these subscriptions to expand their access, move laterally within resource tenants, and create stealthy backdoor identities in the Entra directory. Alarmingly, Microsoft has confirmed real-world attacks using this method, highlighting a significant gap in many Azure threat models. This talk will share the findings from this first of its kind research into this exploit found in the wild.

We'll dive into how subscriptions, intended to act as security boundaries, make it possible for any guest to create and control a subscription undermines this premise. We'll provide examples of attackers leveraging this pathway to exploit known attack vectors to escalate privileges and establish persistent access, a threat most Azure admins do not anticipate when inviting guest users. While Microsoft plans to introduce preventative options in the future, this gap leaves organizations exposed to risks they may not even realize exist––but should definitely know about!

About The Speaker

Simon Maxwell-Stewart is a seasoned data scientist with over a decade of experience in big data environments and a passion for pushing the boundaries of analytics. A Physics graduate from the University of Oxford, Simon began his career tackling complex data challenges and has since built a track record of delivering impactful machine learning solutions across diverse industries.

Prior to joining BT, Simon served as a Lead Data Scientist in the healthcare sector, where he successfully brought several machine learning projects into production, transforming research insights into actionable tools. Currently, he leverages his expertise as the resident "graph nerd" in BT's Security Research team, exploring cutting-edge graph-based techniques to enhance network security and drive innovative approaches to threat detection.

Simon’s unique combination of technical depth and creative problem-solving has made him a key contributor to advancements in data science and security.

This presentation aims to provide an actionable strategy to connect theoretical threat modelling frameworks and practical cloud implementations. We analyze why legacy approaches do not work for cloud-native applications, particularly microservices and serverless architectures.

We will explore how to:
establish a realistic threat modelling schedule which provides real value lowering the risk of handling threat modelling as just a "tick-the-box" activity;
create effective cloud architecture diagrams to make it understandable and handy for developers to brainstorm possible threats;
implement effective system decomposition strategy to get rid of the monolithic threat modelling which fails for distributed cloud systems. We will demonstrate how this decomposition enables a targeted application of the STRIDE model, highlighting cloud-specific threat vectors and nuances, such as those arising in cross-tenant scenarios;
adapt DREAD risk evaluation framework for the cloud;
effectively engage stakeholders across development, security, and operations;
use AI as a starting point in threat modelling (demo included) and understand where human expertise remains critical.
We will make sure attendees gain a clear understanding of why traditional threat modelling is insufficient for modern cloud environments and will leave with a practical framework and techniques they can immediately apply to their own cloud deployments, improving their organization's security posture and reducing cloud-related risks.

About The Speaker

Hanna is a cybersecurity expert and consultant specialising in securing cloud environments for clients in various industries such as financial services, commercial banking, and retail. With the experience in Secure Landing Zones, Infrastructure as Code, identity management, endpoint protection, security operations, and DevOps, she helps organizations to build resilient cybersecurity strategies and roadmaps.

As a certified Microsoft Trainer, she conducts hands-on workshops on cloud and cybersecurity topics, empowering teams to navigate modern security challenges. Passionate about Cloud Security Posture Management and robust defenses against evolving threats.

It’s not every day you stumble upon a technique that enables remote code execution (RCE) in thousands of AWS accounts at once—but that’s exactly what happened with the whoAMI attack. By researching a known misconfiguration through a new lens, we discovered how to gain access to thousands of AWS accounts that unknowingly use an insecure pattern when retrieving AMI IDs.

By carefully naming a malicious AMI, an attacker can trick vulnerable Terraform code, AWS CLI scripts, and even third-party CI/CD systems into running the wrong AMI. I’ll explain how I uncovered this vulnerability, show proof-of-concept demos, and share how I discovered this vulnerability affected a third party continuous integration platform used by many popular open source projects, and how even some of AWS’s own internal systems were vulnerable to this attack.

If you’ve ever launched an EC2 instance, this talk is for you: learn how cloud image name-confusion attacks can be used by attackers to gain initial access to cloud environments and how you can prevent them.

About The Speaker

Seth Art is currently a Security Researcher & Advocate at Datadog. Prior to joining Datadog, Seth created and led the Cloud Penetration Testing practice at Bishop Fox. He is the author of many open source tools including BadPods, IAMVulnerable, and CloudFoxable, and the co-creator of the popular cloud penetration testing tool, CloudFox.

As orgs lean harder on Entra and Azure for critical IdP and infra, attackers are shifting too. This talk introduces a PowerShell-based post-exploitation toolkit that uses only native Windows features and the Microsoft Graph API — no external modules, agents, or DLLs required. Designed to “live off the Graph,” it enables stealthy recon, escalation, persistence, and exfil using just REST calls and default PowerShell, evading top EDRs with ease (as of April 2025, at least).

We’ll walk through real-world kill chains using Microsoft’s own APIs, abusing OAuth flows, consent, and service principal escalation to move laterally, assign roles, drop loot, and stay hidden. Attendees will learn how attackers can inject secrets into app registrations, enumerate high-privilege service principals, assign Entra + Azure roles via Graph/ARM, and exfiltrate via tenant-native blob storage - all without touching the Azure portal or importing a single module.

No implants. No imports. No sketchy domains. Just what’s already there.

To ground the talk, I’ll give a short crash course on Azure OAuth, app types, API endpoints, and how attackers bypass common controls like MFA, CAP, and Token Policies.

A full lab demo will show how access is gained via spear-phishing, followed by escalation and persistence using only built-in PowerShell. Blue teamers will walk away with concrete detection ideas. Red teamers will leave with a framework—or inspiration to build their own.


Toolkit Breakdown

Requirements:
- PowerShell execution
- Internet access to Azure APIs
- A juicy Azure target

Auth:
- Spear-phish via Microsoft’s Device Code Auth (popularized by Russian APTs this year)
- Store tokens in a native JSON-based keyring
- Tag tokens by role for scope tracking

Recon:
- Enumerate Service Principals + Graph scopes (regex filtering)
- Enumerate ARM role assignments (regex filtering)
- Enumerate Key Vaults
- Identify attack paths from collected data

Persistence:
- Create malicious apps
- Inject secrets into any apps
- Add remediation tasks
- Spawn containers/functions

Escalation:
- Use keyring + recon to select injection targets
- Pivot via apps to bypass CAP/MFA/token policies
- Dump Key Vaults
- Rotate identities mid-chain
- Assign permissions to any app

Exfil:
- Recon modules write loot as .csv
- Create public Azure blob storage
- Upload loot directly

Stealth:
- No compiled code—just .ps1, .json, .csv
- Built-in PowerShell + REST only
- Avoids PowerShell and module-based detections
- No alerts from CrowdStrike, Defender, or SEP in testing

Automation:
- Spear-phish module auto-generates lures and captures tokens
- One-shot persistence module sets up a cron-style enumerate+dump pipeline in cloud containers
- One-shot exfil module creates resources, publishes open loot container
- Operator just selects targets/IDs

This tool is actively developed by me. Nobody’s seen it in action yet—except my girlfriend and my cats. Been saving it for DEFCON :)

About The Speaker

A lifelong hacker and technology enjoyer, with a passion for automation and expanding my knowledge of new systems. I got started with "security" as a preteen, hacking with BackTrack and taking advantage of the relatively insecure implementations that were pervasive in the early 2000s. After finishing school, I started working in IT and eventually moved into cybersecurity professionally.

Fast forward to 2025: I'm currently a Lead Security Engineer at Wells Fargo, focusing on adversary emulation and offensive security research. In this role, I create PoCs and tools to exploit the latest vulns and bypass EDR, and I train junior engineers and analysts on complex techniques and topics. The tooling and training I provide typically illustrate full kill chains, empowering them to hunt and respond with speed and precision.

Prior to my current role, I worked as a Senior Cloud Security Engineer at Wells Fargo, focusing heavily on blue team–oriented Azure operations. Much of the inspiration for this tool and demo comes from the experience I gained working in the Bank's highly restricted, federally regulated environment. Before Wells Fargo, I was at Sony (PlayStation—the cool one :P) as an L3 Sysadmin, and at Kudelski Security (an MSSP) as a Security Engineer supporting dozens of massive clients around the globe. Thanks to that prior experience, I’ve had the privilege of being exposed to a wide variety of environments and tooling, which I'm grateful for.

Outside of work, I'm either studying (GXPN currently) or in the lab developing my own projects, researching, building, breaking, etc.

Unrelated, but I’ve also been DJing at DEFCON for the last few years, so I’m especially hyped to level up my participation and submit a talk/demo for my favorite village. DEFCON pushed me further down this path early on, and I’m ready to give back. Besides computers, I’m also very into fast cars and massive sound systems.

When it comes to offensive ops: living off the land is the motto, exploitation is the mission, automation is the lifestyle.