Both presentations we held this year at DefCamp are now available online (recordings and slides). DefCamp is one of the largest and most important cybersecurity conferences from central and eastern Europe. Our presence at DefCamp was constant in the last years either through talks, partnership or both. Through the topics we covered we wanted to bring awereness about their existance and importance. Let us tell you what we gave back to the community this year.

Talk 1: SOC…1,2,3…

One of the talks was held by Gabriel Tanase, Partner at KPMG Romania, who also leads the our cybersecurity team.

The title of his talk was “SOC…1,2,3…” which, as he said, might make you believe is about Security Operations Center, but is in fact about internal control attestetion reports.

SOC 1, 2, 3 attestation is a competitive advantage. Many times, it is critical to make a sale or is a must from most important clients.

SOC reports are often used throughout various business sectors to screen providers early in the customer’s evaluation process. As SOC reports can provide organizations the benefits of detailed examination of general IT controls as well operational controls based on defined criteria for Security, Availability, Confidentiality, Processing Integrity and/or Privacy.

If you still don’t know what we’re talking about, make sure to check Gabriel’s presentation! The presentation is now on YouTube: SOC…1,2,3… at DefCamp 2022 – YouTube

Talk 2: Cloud Configuration Review – the new internal network pentest

The second talk was held by me, Eduard Agavriloae, Senior Penetration Tester at KPMG Romania. The title of the presentation was “Cloud Configuration Review – the new internal network pentest”.

Are you familiar with internal pentests, rights? It’s done to identify vulnerabilities that can be exploited once a breach occurs.

Well, what about a cloud environment? With a rapidly adoption of cloud technology the security can fall behind. In this talk I presented what are the approaches to identify misconfigurations within a cloud environment and how is it different from a classical pentest.

The presentation contains multiple examples inspired from our engagements and a full attack chain from the internet that can lead to the complete compromise of the cloud account.

Talk on YouTube: Cloud Configure Review – The new internal pentest at DefCamp 2022 – YouTube

Slides: Cloud configuration review – the new internal network pentest (def.camp)

Until next year

Presenting at DefCamp was fun and I, for one, can’t wait the next edition where I’m sure we’ll come with other interesting topics.