Getting Started with Hacking AWS ECS
Cloud Security Podcast12 Tammi 2023

Getting Started with Hacking AWS ECS

Cloud Security Podcast - This month we are talking about "Breaking the AWS Cloud" and next up on this series, we spoke to Gafnit Amiga (Gafnit's Linkedin), VP of Security Research at Lightspin who recently discovered the AWS Elastic Container Registry Public (ECR Public) vulnerability. She spoke to us about how she goes about doing cloud security research and what AWS ECS and ECR is.

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Gafnit Amiga (Gafnit's Linkedin)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News

- Cloud Security Academy

Spotify TimeStamp for Interview Questions

(00:00) Introduction
(02:28) snyk.io/csp
(02:57) A bit about Gafnit
(05:15) What is AWS ECS and ECR?
(08:18) Why do people use ECS and ECR?
(09:58) The ECR vulnerability Gafnit discovered
(15:16) Vulnerability scanning for containers in AWS ECR
(16:42) How do you find undocumented APIs in AWS?
(17:58) Attack techniques in AWS
(22:43) How to protect your AWS accounts?
(25:14) Focus areas for Cloud Security Research in 2023
(25:48) Finding vulnerability through research
(29:00) Resources for Cloud Security Research

(31:04) The Fun Section

See you at the next episode!

Jaksot(344)

A DEV FRIENDLY CLOUD NATIVE SECURITY PIPELINE!

A DEV FRIENDLY CLOUD NATIVE SECURITY PIPELINE!

Cloud Security Podcast -  we are continuing with our "Kubernetes Security & KubeCon EU 2023" and for the fiveth episode in this series Eve Ben Ezra from The New York Times. GitOps, OPA Conftest, ArgoC...

11 Touko 202331min

THEY SCANNED ENTIRE GITHUB FOR SECRETS AND FOUND THIS!

THEY SCANNED ENTIRE GITHUB FOR SECRETS AND FOUND THIS!

Cloud Security Podcast -  we are continuing with our "Kubernetes Security & KubeCon EU 2023" and for the fourth episode in this series Mackenzie Jackson from GitGuardian. Mackenzie Jackson from GitGua...

9 Touko 202332min

Kubernetes Cluster Security Audit Explained

Kubernetes Cluster Security Audit Explained

Cloud Security Podcast -  we are continuing with our "Kubernetes Security & KubeCon EU 2023" and for the fourth episode in this series Shane Lawrence and Daniele Santos from Shopify explained how kube...

3 Touko 202341min

Network Security for Kubernetes

Network Security for Kubernetes

Cloud Security Podcast -  This month we are talking about "Kubernetes Security & KubeCon EU 2023" and for the third episode in this series, we spoke to Liz Rice ( Liz's Linkedin⁠). Liz Rice from Isova...

16 Huhti 202340min

CONTINUOUS KUBERNETES SECURITY IN 2023

CONTINUOUS KUBERNETES SECURITY IN 2023

Cloud Security Podcast -  This month we are talking about "Kubernetes Security & KubeCon EU 2023" and for the second episode in this series, we spoke to Andrew Martin (Andrew's Linkedin). Kubernetes S...

14 Huhti 202358min

2023 What Kubernetes Security Looks Like Today Series- DevSecOps

2023 What Kubernetes Security Looks Like Today Series- DevSecOps

Cloud Security Podcast -  This month we are talking about "Kubernetes Security & KubeCon EU 2023" and for the first episode in this series, we spoke to Kirsten Newcomer (Kirsten's Linkedin). Kirsten ...

13 Huhti 202347min

IS THERE DEVSECOPS IN CLOUD? 🤔

IS THERE DEVSECOPS IN CLOUD? 🤔

Cloud Security Podcast -  This month we are talking about "Cloud Security - the Leadership View" and for the final episode in this series, we spoke to Guy Podjarny ( GuyPo's Linkedin). If you are work...

27 Maalis 202350min

How to Build a Modern Cyber Security Program in 2023

How to Build a Modern Cyber Security Program in 2023

Cloud Security Podcast - This month we are talking about "Cloud Security - the Leadership View" and this week in this series, we spoke to Larry Whiteside Jr ( Larry's Linkedin ) If you are working on...

11 Maalis 202359min