Thursday 

Room 4 

13:40 - 14:40 

(UTC+02

Talk (60 min)

LIVE DEMO: Supply Chain Attack in the Terraform Registry

LIVE DEMO of a supply chain attack.

Security
Cloud
DevOps

Terraform currently has the largest market share among infrastructure-as-code (IaC) tools and is used to manage billions of dollars of enterprise infrastructure. The Terraform Registry allows engineers to use community modules in their configurations.

What few users know is that the Registry has a major security hole, allowing module authors to insert malicious code without the end user being aware. Come to this talk to learn about supply chain attacks and watch Kyle steal his own enterprise credentials through a module on the Terraform Registry. Guaranteed, you will never use it again.

Kyle Kotowick

Dr. Kyle Kotowick is the founder of a Canadian consulting and development firm focusing on cloud infrastructure, security, and Internet-of-Things implementations for high-growth clients. He completed his Ph.D. in MIT's Computer Science and Artificial Intelligence Laboratory, joint with the Department of Aeronautics and Astronautics. He has served as a consultant, systems architect, and developer for global firms, startups, and universities; as a project lead for military medical and communication technology; and as a researcher for military navigation systems and for life support systems in space. He specializes in working with both startups and enterprise clients to define requirements and explore possible solutions, as well as in leading the development of project architecture, cloud services, and back-end software.