Episode 19: Understanding Cloud Attack Vectors
Attendees Guest: Or Kamara Guest Title: Senior team lead Company: Synk Abstract Cloud computing can bring interesting and new attack vectors. In this episode, we talk with Or Kamara, Senior team lead at Synk, about the Capital-one hacking and what can be learned from the event in order to better protect our networks. We will analyze the attack step by step and add mitigating controls that can help in preventing the next attack. Timing: 0:35 Introducing our guest 4:10 introducing the story the capital one hack 5:45 The phases of the Capital One hack 7:50 The first misconfiguration - servers exposed to the internet unintentionally 11:05 the SSRF vulnerability and understanding meta-data service 19:38 Using API keys for browsing S3 and how to mitigate it 26:00 things that Capital One did right and additional insights 28:00 how should developers and IT 30:50 shifting from traditional security to new cloud security mindset 36:00 summary and final words
Episode 19 of the SilverLining IL podcast, hosted by MarkeTech Group, titled "Episode 19: Understanding Cloud Attack Vectors" was published on August 2, 2020 and runs 40 minutes.
August 2, 2020 ·40m · SilverLining IL
Summary
Attendees Guest: Or Kamara Guest Title: Senior team lead Company: Synk Abstract Cloud computing can bring interesting and new attack vectors. In this episode, we talk with Or Kamara, Senior team lead at Synk, about the Capital-one hacking and what can be learned from the event in order to better protect our networks. We will analyze the attack step by step and add mitigating controls that can help in preventing the next attack. Timing: 0:35 Introducing our guest 4:10 introducing the story the capital one hack 5:45 The phases of the Capital One hack 7:50 The first misconfiguration - servers exposed to the internet unintentionally 11:05 the SSRF vulnerability and understanding meta-data service 19:38 Using API keys for browsing S3 and how to mitigate it 26:00 things that Capital One did right and additional insights 28:00 how should developers and IT 30:50 shifting from traditional security to new cloud security mindset 36:00 summary and final words
Episode Description
Attendees
Guest: Or Kamara
Guest Title: Senior team lead
Company: Synk
Abstract
Cloud computing can bring interesting and new attack vectors. In this episode, we talk with Or Kamara, Senior team lead at Synk, about the Capital-one hacking and what can be learned from the event in order to better protect our networks. We will analyze the attack step by step and add mitigating controls that can help in preventing the next attack.
Timing:
0:35 Introducing our guest
4:10 introducing the story the capital one hack
5:45 The phases of the Capital One hack
7:50 The first misconfiguration - servers exposed to the internet unintentionally
11:05 the SSRF vulnerability and understanding meta-data service
19:38 Using API keys for browsing S3 and how to mitigate it
26:00 things that Capital One did right and additional insights
28:00 how should developers and IT
30:50 shifting from traditional security to new cloud security mindset
36:00 summary and final words
Similar Episodes
Apr 1, 2026 ·50m
Mar 18, 2026 ·50m
Mar 11, 2026 ·42m
Mar 4, 2026 ·64m