Hackfest 2023 - Back to the Future

Clément Cruchet

Clément is a passionate speaker and technical security expert, specializing in security testing, offensive security and ethical hacking. Currently technical team leader for security testing and offensive security practice at Bell Canada, he is driven by an unwavering passion for security and hacking. Clément has carried out numerous assignments and assessments for clients in various sectors such as banking, finance, government, services, industry and energy. Endowed with an insatiable curiosity and unfailing tenacity, Clément is a passionate hacker who constantly seeks to understand the architecture and fundamentals of the technologies that come his way.

Your pronouns – He Which country are you from? – Canada


Cloud environments: Red Team perspectives

This presentation delves into the realm of cloud computing's security challenges and the Red Team perspective. It sheds light on intrusion testing, shared security models, and vulnerabilities unique to cloud systems. The discussion covers cloud intrusion testing's importance, methodologies, and distinctiveness compared to traditional approaches. Identity and Access Management's crucial role will be highlighted and explain through the 3 main CSP AWS/Azure/GCP, their main differences and security implication. The talk will outlines reasons for conducting Red Team engagements focusing on critical resource access. Applied assessment methodologies are proposed, including BlackBox, AssumBreach, and White Box approaches. Attack scenarios, based on the Mitre Att&ck Cloud Matrix framework, are explored, encompassing various stages. The presentation also delves into using the cloud offensively (Redirectors, storage and delivery), cloud-based phishing and Oauth abuse. The aim is to facilitate knowledge exchange, encourage research, and enhance cloud security by leveraging Red Team insights.