SnowGoat: Exposing Hidden Security Risks and Leaking Data Like a Threat Actor
Event description
SnowGoat: Exposing Hidden Security Risks and Leaking Data Like a Threat Actor
Level of Instruction: Intermediate
Instructed by: Lior Adar, Chen Levy Ben Aroy
Abstract:
Join us for an engaging and interactive workshop where we delve into the hidden risks within your configurations in Snowflake. This intermediate-level session is designed to provide hands-on experience with vulnerable and misconfigured environments, utilizing plug-and-play Terraform scripts and your free-tier Snowflake and AWS accounts. Attendees will explore the UNC5337 data-theft and extortion campaign, and other common Snowflake misconfigurations and risks through a fun and interactive "Capture The Flag" (CTF) style attack scenario, with the main objective of leaking sensitive data from Snowflake.
Key Topics:
-Snowflake as a data-lake service and common security pitfalls.
-UNC5337 Data-Theft and Extortion Campaign: Gain insights into real-world cyber threats and how they operate.
-Solve problems and bypass misconfigured security mechanisms.
-Learn about data-related risks that could lead to a data breach.
Technical Level: Intermediate
Learning Outcomes: By the end of this workshop, attendees will:
-Understand best practices for securing configurations in Snowflake.
-Gain practical experience in identifying and mitigating unsecured configurations.
-Gain knowledge to handle real-world cyber threats effectively.
Tickets for good, not greed Humanitix dedicates 100% of profits from booking fees to charity
