Hackers of India

From Tenancy to Exposure: Visualizing OCI Attack Surface

By Satyam Dubey on 28 Apr 2026 @ Defcon : DemoLabs
πŸ”— Link
We need help to complete this entry! Missing: Source Code
I can help!
#cloud-pentesting #attack-surface #reconnaissance #cloud-security-posture-management
Focus Areas: βš–οΈ Governance, Risk & Compliance , ☁️ Cloud Security , 🎯 Penetration Testing
This tool demo covers following tools where the speaker has contributed or authored
OCI-ATTACK-SURFACE-VISUALIZER

Abstract

Visualization is the starting point of security, but in Oracle Cloud Infrastructure (OCI) environments, true attack surface awareness is often fragmented. Assets are distributed across compartments, governed by layered IAM policies, and interconnected through virtual networking constructs that defy flat inventory approaches.

This demo lab presents a tool designed to map, visualize, and analyze OCI attack surfaces by correlating compartment hierarchies, IAM policy relationships, network paths, and resource configurations into a unified graph-based view. Rather than relying on static asset inventories, the tool dynamically models how identity, access, and network exposure intersect to reveal real-world attack paths that traditional tools miss.