Back To Schedule
Wednesday, October 18 • 10:15 - 11:45
CtF Workshop #1 - Breaking Clouds

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

With over half of the fortune 500 on board, Cloud Foundry is considered to be the world's leading cloud platform. In this session, we will show some very interesting vulnerabilities that we identified and responsibly disclosed over this year to the platform's maintainers. We will discuss issues in working with zip files, using parameters in ruby-rack as well as various cases of time-of-check vs time-of-use and expand on each issue with a barrage of real world examples. 

In the second part of the session we will work out how migrating applications to a cloud environment might open them up to new and exciting vectors that are otherwise considered unexploitable.

We will see how with new technologies come new vulnerabilities and sometimes, it's just the old vulnerabilities that are making a comeback. 

Attendees could perform the learnt attacks on a pre-configured environment during the workshop.


Eran Shmuely

Sr Staff Cyber Security Researcher, GE Digital

Vladi Sandler

Security Researcher, GE

Wednesday October 18, 2017 10:15 - 11:45 IDT
Room 37 - CS and Communications Building