Network Pentest 2.0 : The Cloud Pentest Revolution
Cloud Security Podcast22 Elo 2023

Network Pentest 2.0 : The Cloud Pentest Revolution

Cloud Security Pentest is not just a Cloud configuration review ! Blackhat 2023 & Defcon 31 conversations included Cloud Security Podcast asking traditional and experienced pentesters about their opinion on cloud security pentesting and the divide was between it being a config review or a product pentest. For this episode we have Seth Art from Bishop Fox to clarify the myth.


Episode YouTube: ⁠ ⁠Video Link⁠⁠⁠⁠


Host Twitter: Ashish Rajan (⁠⁠⁠⁠⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠⁠⁠⁠⁠)

Guest Socials: Seth Art's Linkedin ⁠⁠⁠⁠⁠⁠(⁠⁠Seth Art Linkedin)

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠


Spotify TimeStamp for Interview Question


(00:00) Introduction

(05:17) A bit about Seth Art

(06:44) Network vs Infrastructure Security Pentest

(08:00) Internal vs External Network Security Pentest

(10:26) Assumed vs Objective Based Pentest

(12:51) Is network pentest dead?

(14:04) How to approach network and cloud pentests?

(20:12) Cloud pentest is more than config review

(24:04) Examples of cloud pentest findings

(30:07) Scaling pentests in cloud

(32:25) Traditional skillsets to cloud pentest

(36:58) A bit about cloudfoxable

(39:31) Cloud pentest and Zero Trust

(40:54) Staying ahead of CSP releases

(44:31) Third party shared responsibility

(47:35) 1 fun question

(48:36) Boundary for cloud pentest

(52:21) Last 2 fun questions


These are some of the resources that Seth shared during the episode along with the tools he has created

See you at the next episode!

Jaksot(344)

Kubernetes (Goat) Vulnerable by Design - Madhu Akula

Kubernetes (Goat) Vulnerable by Design - Madhu Akula

In this episode of the Virtual Coffee with Ashish edition, we spoke with Madhu Akula (@madhuakula) is an international Kubernetes Security Public Speaker, Black Hat Trainer, Creator of open source rep...

2 Touko 202149min

CISO PERSPECTIVE SERIES: LINKEDIN CISO - Geoff Belknap

CISO PERSPECTIVE SERIES: LINKEDIN CISO - Geoff Belknap

In this episode of the Virtual Coffee with Ashish edition, we spoke with Geoff Belknap (@geoffbelknap) is the Chief Security Officer of Linkedin (@LinkedIn). In this episode, Geoff & Ashish spoke abou...

27 Huhti 202153min

Study Hall: Honest truth behind learning Kubernetes

Study Hall: Honest truth behind learning Kubernetes

In this Study Hall - Kelsey Hightower explains is it really complex to learn Kubernetes and whether it's really complex. Nothing but the Honest Trust from Kelsey on this episode. Full Episode on Clo...

27 Huhti 20215min

Building Threat Detection for your Cloud Environment

Building Threat Detection for your Cloud Environment

In this episode of the Virtual Coffee with Ashish edition, we spoke with Ashwin Patil (@ashwinpatil) who is a returning guest from Season 1 of the Cloud Security Podcast. Ashwin is a Senior Program Ma...

18 Huhti 202150min

Cloud Governance using Infrastructure as Code (IaC)

Cloud Governance using Infrastructure as Code (IaC)

In this episode of the Virtual Coffee with Ashish edition, we spoke with Ohad Maishlish is the CEO & Co-Founder of env0. Host: Ashish Rajan - Twitter @hashishrajan Guest: Ohad Maislish - Linkedin ...

11 Huhti 202140min

Kubernetes Security Explained for those starting today! - Kelsey Hightower

Kubernetes Security Explained for those starting today! - Kelsey Hightower

In this episode of the Virtual Coffee with Ashish edition, we spoke with Kelsey Hightower (@kelseyhightower) is the Staff Advocate at Google Cloud (@GoogleCloud) and co-author of “Kubernetes: Up and R...

4 Huhti 202154min

Getting Infrastructure as Code (IaC) Security Culture right! - Yoni Leitersdorf

Getting Infrastructure as Code (IaC) Security Culture right! - Yoni Leitersdorf

In this episode of the Virtual Coffee with Ashish edition, we spoke with Yoni Leitersdorf (@yonadavl) who is the CEO & Co-Founder of Indeni Host: Ashish Rajan - Twitter @hashishrajan Guest: Yoni Le...

28 Maalis 202143min

Azure Security Best Practices for Cloud Architects - John Savill

Azure Security Best Practices for Cloud Architects - John Savill

In this episode of the Virtual Coffee with Ashish edition, we spoke with John Savill (Linkedin_John Savill) is the Principal Cloud Architect, Author and YouTuber. Host: Ashish Rajan - Twitter @hashi...

21 Maalis 202157min