Closing the Cloud Security Loop: Turning Theoretical Risk into Actionable Defense
Track 2 – 12:00pm
David-Constantin Dobritoiu
Bio
David-Constantin Dobritoiu works as an Associate Cyber Threat Analyst at Flutter Entertainment (through its Romanian Hub, Betfair Romania Development). Basically, he's into studying how bad guys act online and finding ways to break stuff (legally) so security teams can fix it. He's pretty good at turning threat info into realistic enemy simulations. When he's not chasing the latest cloud attack trends, he's usually doing full AWS setup reviews—mostly 'cause a coworker told him it’d be "really easy to do on his own." He's super into helping security teams focus on the real threats and close the attack routes that actually matter.
Talk Abstract
Cloud security teams are currently drowning in useless alerts. Our tools generate thousands of potential misconfigurations, but without context, everything looks critical, which means nothing is.
In the modern cloud, the traditional network firewall is dead; identity is the new perimeter. Because of this shift, legacy testing methods fall short, and attackers are now laser-focused on abusing identities, access controls, and automation pipelines. As an offensive security practitioner, simply handing the Blue Team a massive spreadsheet of theoretical risks doesn't fix the problem; it just creates more noise.
This talk is about breaking that cycle and "closing the loop." We will move away from reactive, compliance-driven checkbox security and learn how to use current threat intelligence to drive targeted, offensive cloud testing.
To prove how these misconfigurations are actively exploited, I will walk through a real-world cloud attack scenario. We will go step-by-step, using standard AWS CLI commands, to show how an attacker pivots from a single leaked token to assuming a production role and exfiltrating data. Finally, we will look at how defensive teams can use visualization and graph tooling to map out these exact attack paths. Attendees will leave with a practical framework for identifying and breaking the "toxic combinations" of cloud risks, stopping attackers long before a breach occurs.
Intended Audience
Audience: Cloud Security Engineers, SOC Analysts, Purple Teamers, and Penetration Testers.
Prior Knowledge: A basic understanding of cloud architecture (AWS/Azure) and IAM (Identity and Access Management) concepts.
How NSFW is this talk?
(How spicy is your talk in chillies?)
Mild/Standard. The content is technical and focused on cloud exploitation, but contains no NSFW elements and is suitable for a general professional audience.
