This presentation will demonstrate how attackers can leverage cloud functionality to make the leap to sensitive on-premises systems.

Hardly any company today can manage with a purely on-premises architecture. The proliferation and use of cloud systems is growing exponentially – and with it the potential for misconfigurations. However, many are unaware of the new attack vectors this opens up.

In this presentation, Tobias Wicke of NSIDE ATTACK LOGIC GmbH will demonstrate an attack chain that is frequently encountered in reality: the compromise of a cloud application, subsequent spread throughout the cloud environment, and finally the leap to on-premises systems. This chain is based on real-life attacks by Advanced Persistence Threats (APTs) such as Fancy Bear and the like.