Who Watches the Watchmen? Stealing Credentials from Policy-as-Code Engines (and beyond)
2024-11-01, 17:30–18:00 (Europe/Amsterdam), Main stage

If an attacker could execute arbitrary policies on a policy engine, would that pose a danger? Turns out, the answer is yes. Policy engines are crucial for enforcing compliance and security rules within business-critical processes, including Infrastructure-as-Code (IaC) deployments and Kubernetes operations. Our research focused on the inherent risks of popular policy-as-code (PaC) and IaC domain-specific languages (DSLs): OPA's Rego language and Terraform's HashiCorp Configuration Language (HCL).

In this talk, we will explore and demonstrate malicious techniques targeting these DSLs, including novel methods, such as DNS tunneling, discovered during our research. We will discuss the adoption of these techniques by attackers and evaluate the effectiveness of current scanning tools against them.

We will conclude with practical detection rules and best practices to safeguard PaC and IaC environments against such risks.

Shelly is a Senior Security Researcher at Tenable, specializing in cloud security research. In her previous roles, Shelly worked as a security researcher and threat hunting expert at Hunters. With 7 years of experience in cybersecurity, Shelly has conducted extensive research in detection engineering, host forensics, malware analysis, and reverse engineering. Outside of work, Shelly loves spending time with her two baby cats.