
DEF CON 27 (2019) - Finding Secrets In Publicly Exposed EBS Volumes - Ben Morris

https://www.bishopfox.com/
https://www.defcon.org/html/defcon-27/dc-27-speakers.html#Morris
Download the tool here: https://know.bishopfox.com/research/dufflebag-uncovering-exposed-ebs

DEF CON 27 (2019) - More Keys Than A Piano - Finding Secrets In Publicly Exposed EBS Volumes - 09Aug2019

Did you know that Elastic Block Storage (Amazon EBS) has a "public" mode that makes your virtual hard disk available to anyone on the internet? Apparently hundreds of thousands of others didn't either, because they're out there exposing secrets for everyone to see.

I tore apart the petabytes of data for you and have some dirty laundry to air: encryption keys, passwords, authentication tokens, PII, you name it and it's here. Whole (virtual) hard drives to live sites and apps, just sitting there for anyone to read. So much data in fact that I had to invent a custom system to process it all.

There's a massive Wall of Sheep out there on the internet, and you might not have even noticed that you're on it. Actually, you should stop reading and go check that out right now.

---
Ben "benmap" Morris
Ben Morris is a Security Associate at Bishop Fox, a consulting firm providing cybersecurity services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he focuses on application penetration testing, network penetration testing, and red-teaming.

Ben also enjoys performing drive-by pull requests on security tools and bumbling his way into vulnerabilities in widely used PHP and .NET frameworks and plugins. Ben has also contributed to Root the Box, a capture the flag security competition.

Video: DEF CON 27 (2019) - Finding Secrets In Publicly Exposed EBS Volumes - Ben Morris, from the Bishop Fox channel
Video information
27 September 2019, 23:44:07
00:44:50