Network Pentest 2.0 : The Cloud Pentest Revolution
Cloud Security Podcast22 Elo 2023

Network Pentest 2.0 : The Cloud Pentest Revolution

Cloud Security Pentest is not just a Cloud configuration review ! Blackhat 2023 & Defcon 31 conversations included Cloud Security Podcast asking traditional and experienced pentesters about their opinion on cloud security pentesting and the divide was between it being a config review or a product pentest. For this episode we have Seth Art from Bishop Fox to clarify the myth.


Episode YouTube: ⁠ ⁠Video Link⁠⁠⁠⁠


Host Twitter: Ashish Rajan (⁠⁠⁠⁠⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠⁠⁠⁠⁠)

Guest Socials: Seth Art's Linkedin ⁠⁠⁠⁠⁠⁠(⁠⁠Seth Art Linkedin)

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠


Spotify TimeStamp for Interview Question


(00:00) Introduction

(05:17) A bit about Seth Art

(06:44) Network vs Infrastructure Security Pentest

(08:00) Internal vs External Network Security Pentest

(10:26) Assumed vs Objective Based Pentest

(12:51) Is network pentest dead?

(14:04) How to approach network and cloud pentests?

(20:12) Cloud pentest is more than config review

(24:04) Examples of cloud pentest findings

(30:07) Scaling pentests in cloud

(32:25) Traditional skillsets to cloud pentest

(36:58) A bit about cloudfoxable

(39:31) Cloud pentest and Zero Trust

(40:54) Staying ahead of CSP releases

(44:31) Third party shared responsibility

(47:35) 1 fun question

(48:36) Boundary for cloud pentest

(52:21) Last 2 fun questions


These are some of the resources that Seth shared during the episode along with the tools he has created

See you at the next episode!

Jaksot(344)

Google Cloud Security Fundamentals - Level 2

Google Cloud Security Fundamentals - Level 2

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jonathan Brodie Senior Cloud Security Engineer, ITV Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.clou...

27 Helmi 202239min

Google Cloud Security Fundamentals

Google Cloud Security Fundamentals

In this episode of the Virtual Coffee with Ashish edition, we spoke with Antoni Tzavelas (@antoniscloud) Google Cloud Certification Trainer, Antoni Training Episode ShowNotes, Links and Transcript on ...

20 Helmi 202233min

Red Team in Google Cloud

Red Team in Google Cloud

In this episode of the Virtual Coffee with Ashish edition, we spoke with Brad Richardson (@Richarjb) Red Team and Vulnerability Management Episode ShowNotes, Links and Transcript on Cloud Security Pod...

13 Helmi 202251min

How to Automate Security in Google Cloud?

How to Automate Security in Google Cloud?

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jason Dyke (@jasonadyke) a Staff Security Engineer at Blocks (@Blocks). Episode ShowNotes, Links and Transcript on Cloud Securi...

6 Helmi 202254min

Authorization Control for Enterprise in Cloud

Authorization Control for Enterprise in Cloud

In this episode of the Virtual Coffee with Ashish edition, we spoke with Gal Helemski (@Linkedin-Gal Helemski) CoFounder, CTO & CPO at PlainID (@plainID_authZ). Episode ShowNotes, Links and Transcript...

30 Tammi 202241min

McFee and FireEye join forces for XDR

McFee and FireEye join forces for XDR

Cloud Security News this week 26 Jan 2022 Early December on Cloud Security News, we shared that Symphony Technology Group had acquired McAfee for 4 Billion along with FireEye for 1.2 Billion. The me...

26 Tammi 20223min

AWS IAM Getting Started

AWS IAM Getting Started

In this episode of the Virtual Coffee with Ashish edition, we spoke with Ian Mckay (@iann0036), a AWS Community Hero, AWS APN Ambassador who has a lot of popular open sources projects in the AWS secur...

23 Tammi 202240min

Remote Access Trojans target Public Cloud Infrastructure

Remote Access Trojans target Public Cloud Infrastructure

Cloud Security News this week 19 Jan 2022 Cisco Talos Researchers have shared in a blog last week that a trio of remote access Trojans (RATs)—Nanocore, Netwire and AsyncRAT—are being spread in a ca...

19 Tammi 20227min