Securing your Terraform State File with Daniel Grzelak episode artwork

EPISODE · Apr 12, 2024 · 20 MIN

Securing your Terraform State File with Daniel Grzelak

from The IaC Podcast

How could read access to an S3 bucket escalate to a full AWS environment compromise? Daniel Grzelak walks us through a real red team engagement that sparked his research into Terraform state file vulnerabilities. Hear about the evolution of these vulnerabilities into significant security concerns and how OpenTofu 1.7's state encryption feature is set to change the game.Listen now and explore Daniel's detailed insights on 'Hacking Terraform State for Privilege Escalation' here.Daniel Grzelak is a 20-year cybersecurity industry veteran, investor, advisor, and speaker. He is no longer the CISO at Linktree nor the Head of Security at Atlassian, but he tries to stay relevant by hacking AWS and Cloud in general.

NOW PLAYING

Securing your Terraform State File with Daniel Grzelak

0:00 20:36

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of The IaC Podcast?

This episode is 20 minutes long.

When was this The IaC Podcast episode published?

This episode was published on April 12, 2024.

What is this episode about?

How could read access to an S3 bucket escalate to a full AWS environment compromise? Daniel Grzelak walks us through a real red team engagement that sparked his research into Terraform state file vulnerabilities. Hear about the evolution of these...

Can I download this The IaC Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!