Cloud infrastructures play an increasingly important role for more and more organizations. Additionally, these cloud infrastructures and traditional corporate networks become ever more intertwined. But there are risks involved: The cloud exposes a big additional attack surface and often its management mechanisms are complex. Both these facts can be exploited by skilled attackers. In this talk, Rafael Fedler, Senior Security Consultant with NSIDE Attack Logic GmbH, explains the theory behind these attacks and demonstrates one in practice: First, a cloud infrastructure will be compromised; then, from there, he will show how an attacker can move on into the regular corporate, non-cloud network.
