Alex Delamotte

WORKSHOP: Taxonomy in the Troposphere: A Cloud Threat Analysis Workshop

Cloud malware is a little different from what most researchers are accustomed to. Rather than the latest mangled binary du jour (looking at you, Rust), the emerging cloud attack surfaces are primarily targeted by scripts that ChatGPT can readily make, written with trusty tools like Python and shell.

In this workshop, attendees will get a background on cloud malware techniques and delivery formats and how they’ve been used by various groups. We will explore how to look for interesting features in a script with 12k lines of code, and the frequently used tricks to interact with cloud service APIs for features like spamming, propagation, and persistence. We will also dive into how to hunt for new samples on VirusTotal, so attendees can find new cloud threats.

Workshop Requirements

  • A laptop with VSCode, Python, and *nix binary tools like grep & cat
  • VirusTotal Enterprise license (recommended but not required)
  • A willingness to obtain some malware from a GitHub repository or from a USB stick onsite

Alex Delamotte is a Senior Threat Researcher with the SentinelLabs team. She is based in Las Vegas. Alex’s passion for cybersecurity is humbly rooted in the early aughts when she declared a vendetta against a computer worm. During her 13-year career, she has worked across many infosec domains, from AppSec to Threat Hunting.

Alex has presented research at Defcon’s Cloud Village, HushCon, and Sleuthcon, where she outlined how defending against and emulating cloud threats differs from the endpoint world. In her spare time, Alex can be found DJing and supporting the arts.
