DeepSec 2023 Training: Terraform: Infrastructure as Remote Code Execution – Michael McCabe
This workshop will focus on ways to abuse the use of Terraform to elevate privileges, expose data, and gain further footholds in environments from a developer’s perspective. We’ll cover the common uses of Terraform and how a malicious actor could abuse Terraform. This talk will include multiple demos. We asked Michael a few more questions about his training. Please tell us the top 5 facts about your training. It will be very hands-on and great for folks that aren’t familiar with Terraform or have some experience. People will start with basic Terraform implementations in the cloud (AWS) and move up to more complex scenarios. We’ll cover multiple ways to hack via Terraform pipelines. You’ll learn how to use tools to prevent these abuses. You’ll have access to the lab code and can continue working