The Roundup: Cloud Pentesting

MC: Beau Bullock
Price: $0 (Free to Attendees)
Date: December 10, 2020
Time: Noon to 5PM EST
Topic: Cloud Pentesting

This Roundup event will focus on practical knowledge related to penetration testing in the cloud. Over the last few years, organizations have increasingly seen compromise of sensitive data due to misconfigurations of cloud-based products and services. The perpetual evolution of cloud-hosting services seems to provide more and more opportunities for security misconfigurations. Indeed, the cloud is still a “Wild West” and needs some good ole’ fashioned wranglers to set it straight.

Not all training addresses cloud penetration testing from the perspective of both offensive and defensive teams. This Roundup, on the other hand, will feature presentations that speak to both teams. Gaining an understanding of offensive capabilities will help penetration testers adequately assess their clients who employ these services and will help cloud defenders understand the attack surface and risk companies face using cloud services.

So, it doesn’t matter whether you belong to the outlaws or to the sheriff’s posse, the Red Team or the Blue Team, you will find something of interest at this Roundup!

Join Beau Bullock, Senior Security Analyst and Penetration Tester at Black Hills Information Security, for this December’s Roundup event.

Leron Gray, Azure Red Team at Microsoft

Leron (aka daddycocoaman) is a ten-year Navy veteran and former NSA operator with several years of offensive security experience. He currently works on the Azure Red Team at Microsoft, loves winning all the CTFs, and enjoys writing things in Python and Python-like languages. He’s also a dope nerdcore rapper (Ohm-I) and a member of the Nerdy People of Color Collective, a group that aims to extend representation for minorities in nerdy spaces where they are typically underrepresented.

Dirk-jan Mollema, Fox-IT

Dirk-jan is one of the core researchers of Active Directory and Azure AD at Fox-IT. Amongst the open source tools published to advance the state of (Azure) AD research are ROADtools, aclpwn, krbrelayx, mitm6 and a Python port of BloodHound. He blogs at, where he publishes about new Active Directory attack chains, which included the discovery of the PrivExchange vulnerability. He is also co-author of ntlmrelayx and contributor to several other open source tools and libraries. He presented previously at TROOPERS, DEF CON, Black Hat and BlueHat and was part of the MSRC most valuable researchers 2018-2020 through his Azure AD research.

Andrew Krug, Technical Evangelist at Datadog

Andrew Krug is a Security Engineer specializing in Cloud Security and Identity and Access Management. Krug also works as a Cloud Security consultant and started the ThreatResponse project, a toolkit for Amazon Web Services first responders. Krug has been a speaker at Black Hat USA, DerbyCon, and BSides PDX.

Jon Helmus, Manager of Pentesting Community at

Jon Helmus is a security engineer, educator, author, and cloud hacker who has been working in engineering, security, and information technology for 10 years. He specializes in Penetration Testing, Threat and Adversarial Assessments, Vulnerability Management, Cloud Technology (AWS), and also has experience as a Technical Educator and University Level Professor.

Jon is known as “the granola” hacker due to his consistent attitude of “giving back” to those trying to get into pentesting, as well as helping others “bypass the gatekeepers” and get into cybersecurity.

Recently, Jon became the author of the new book “AWS Penetration Testing”.

Jim Shaver, Penetration Tester

Jim is a Penetration Tester, Speaker and Cloud Security Researcher. Jim is a security and IT veteran with over 11 years of experience in finance, healthcare and tech. Jim is responsible for research on AES Kerberoast and offensive uses of IronPython and .NET, and is currently focussed on the intersection of AWS and offensive security. Jim has also contributed to many Open Source projects and speaks at conferences about offensive security.

Time Speaker Presentation
12:00PM to 12:45PM ET Dirk-jan Mollema “Fantastic Conditional Access policies and how to bypass them”

Conditional Access policies are the gatekeepers for Azure and Office 365, offering advanced controls about who is allowed to access what from where. In this talk we will explore how Conditional Access policies work: What are they designed to protect against? What are common configurations? But more importantly, what do they not protect against? And how can attackers use these gaps to obtain access to accounts even with policies configured? We’ll answer those questions and look at how open source tooling such as ROADtools can be used to explore, analyze and work around those policies.

1:00PM to 1:45PM ET Leron Gray “Here’s Some S*** I Learned – Enumerating Azure and Azure AD”

Azure Active Directory (AAD) and Azure Resource Manager (ARM) are the two fundamental concepts behind an Azure tenant. Understanding the relationship between AAD objects and ARM resources is crucial to creating a secure environment where roles and permissions are properly configured. This talk will discuss the concepts behind both AAD and ARM, and how attackers and defenders can get a visual picture of the current configuration using Stormspotter, a tool released by the Azure Red Team. Come through, fam.

2:00PM to 2:45PM ET Andrew Krug “Do yer best! Preparing for a Cloud Pentest”

Penetration tests can take a lot of cycles to stage, spin up, and execute. In this talk we’ll talk about practical things you can do to give yourself an advantage in any cloud based exercise. Observability, monitoring, and forensics will be themes in this 8-second ride through readiness.

Often companies forge ahead with a red team exercise without first executing diligence with regard to top 10s related directly to Cloud Security. Andrew Krug, author of AWS_IR and Margaritashotgun, will walk you through modern considerations for AWS Hardening to prepare for a pentest and share learnings on how to protect Cloud Environments. Secondarily, we’ll examine the means by which you can instrument the cloud and discuss cost tradeoffs for different parts of the core AWS Cloud Stack.

Attendee Takeaways:

  • Practical advice on tools, tactics, and techniques to audit and lock down an AWS account / org
  • Patterns for sequestered logging
  • Recommendations for OSS tools that can be applied to solve the problem

3:00PM to 3:45PM ET Jon Helmus “Functional Testing: A New Era of Pentesting”

As the cloud begins to take over the technology era, so does the ever-growing threat landscape of companies’ infrastructure. Today, copious numbers of businesses are relying on cloud providers to help build infrastructure quickly and efficiently – doing so allows companies to scale rapidly and maintain relevance in today’s competitive markets.

However, as Billy Mays would say, “BUT WAIT, THERE’S MORE!”

Cloud security comes at a cost that does not always present itself. That cost comes in the form of security and how adequate security can be applied to cloud infrastructure.

This talk is going to discuss how security professionals cannot use the same security guidelines for the cloud as they use for physical and on-prem systems. New technology means new tactics and strategies, such as a new way of effectively pentesting. In this talk, attendees can expect to learn new ways of thinking about security and pentesting when it comes to targeting cloud providers – while also providing efficient adversarial assessments that assess the cloud.

4:00PM to 4:45PM ET Jim Shaver “API Keys Now What? Taking the Pen Test Into the Amazon Cloud”

If you needed to pen test an AWS environment, where would you start? This talk seeks to answer that question. Learn how credentials work in AWS, how to find them, and how to use them in an offensive context. There will be a demonstration of Redboto, a collection of offensive AWS tools, which you can use to perform recon within an AWS environment, get at data and escalate your privilege. Also discussed are other tools and solutions to make sure that you are defending against these techniques and others.