BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: From Service Catalog Admin to Account takeover: Priv
 ilege\n   Escalation with Service Catalog Launch Constraint\n   When: Frid
 ay\, Aug 11\, 12:10 - 12:30 PDT\n   Where: Flamingo - Mesquite - Cloud Vil
 lage - [1]Map\n\n   SpeakerBio:Sarachai Boonyakiat \, Principal Cloud Secu
 rity\n   I am Principal Cloud Security in a Non-Profit organization with\n
    several years experience in IT security in many industries including\n 
   Industrial automation\, Banking\, Insurance\, MSSP\, Non-Profit and\n   
 transition to full time Cloud Security since 2019. My current area of\n   
 responsibilities are design\, implement\, maintain security controls as\n 
   well as threat research\, pen-testing\, log management and incident\n   
 response in the Cloud (primary AWS). Beside work I like to travel and\n   
 explore food from different places and cultures.\n   Twitter: [2]@ChaiBoon
 yakiat\n\n   Description:\n   AWS offers Service Catalog to help organizat
 ion centrally manage\n   commonly deployed IT services through Infrastruct
 ure As Code whether\n   it be CloudFormation template or Terraform\, and h
 elps organizations\n   achieve consistent governance and meet compliance r
 equirements.\n   Additionally\, as the security feature\, organization can
  delegate the\n   permission to what AWS called "Launch Constraints" role 
 to provision\n   resources on behalf of regular users whom otherwise do no
 t have enough\n   permission to provision resource themselves.\n\n   In th
 is talk\, we are going to explore how attackers\, after initial\n   access
 \, can establish persistence and escalate their permission and\n   continu
 e further down the attack chain by leveraging the\n   misconfiguration of 
 the launch constraints role in conjunction with\n   compromised service ca
 talog admin user to take over the entire AWS\n   account. We also will tal
 k about how to detect such attempt and how to\n   apply defense in depth t
 o stop attackers at different stages of the\n   attack chain.\n\n   '\n\n 
   1. #FlamingoThirdFloor\n   2. https://twitter.com/ChaiBoonyakiat\n\n\n
DTEND:20230811T193000Z
DTSTART:20230811T191000Z
LOCATION:CLV - Flamingo - Mesquite - Cloud Village
SUMMARY:From Service Catalog Admin to Account takeover: Privilege Escalatio
 n with Service Catalog Launch Constraint
END:VEVENT
END:VCALENDAR