I enjoy hacker films as much as the next bloke. Who doesn’t love a flashy NSA login page and some exciting terminal colour schemes? They always forget one thing, however; successful attacks are more like a game of chess with small actions orchestrated together, each bug, CVE and misconfiguration allows another successful move towards checkmate! In this session, we’ll use examples from our own research, highlighting potential attacker kill chains combining minor IaC misconfigurations in dangerous but preventable combinations with known CVE’s. We will also take a look, from a defender’s perspective, providing actionable takeaways your DevOps teams can start doing *today* to turn your security posture up to eleven.