Beau Bullock & Mike Felch

OK Google, How do I Red Team GSuite?

As more corporations adopt Google for providing cloud services they are also inheriting the security risks associated with centralized computing, email and data storage outside the perimeter. In order for pentesters and red teamers to remain effective in analyzing security risks, they must adapt techniques in a way that brings value to the customer.

In this presentation we will begin by demonstrating adaptive techniques to crack the perimeter of Google Suite customers. Next, we will show how evasion can be accomplished by hiding in plain-sight due to failures in incident response plans. Finally, we will also show how a simple compromise could mean collateral damage for customers who are not carefully monitoring these cloud environments.

Biography

Beau is a Senior Security Analyst at Black Hills Information Security and has held positions in the financial and health industries. He has experience with all aspects of enterprise network security including penetration testing, and vulnerability analysis. Beau is the developer of the PowerShell tool MailSniper, a Hack Naked TV host, and frequent speaker at industry events. @dafthack on Twitter.

Mike is currently a red teamer / pentester for Black Hills Information Security. He began his career in 1997 as a Linux Administrator which eventually led to numerous offensive security roles, software development and hardware/software security research. Mike is also a lead forensics instructor for TeelTech, an Officer for OWASP Orlando (Chief Breaker) and an organizer for BSides Orlando.