With over half of the Fortune 500 on board, Cloud Foundry is considered to be the world's leading cloud platform. In this session, we will show some very interesting vulnerabilities that we identified and responsibly disclosed over this year to the platform's maintainers. We will discuss issues in working with zip files, using parameters in ruby-rack, as well as various cases of time-of-check vs. time-of-use, and expand on each issue with a barrage of real-world examples.
In the second part of the session we will work out how migrating applications to a cloud environment might open them up to new and exciting vectors that are otherwise considered unexploitable.
We will see how with new technologies come new vulnerabilities and sometimes, it's just the old vulnerabilities that are making a comeback.
Attendees will be able to perform the attacks they learned on a pre-configured environment during the workshop.
Authentication mechanisms are considered to be the most sensitive part of any application, and yet they seem to be among the most prone to implementation errors. In this session, the security researcher will discuss how he broke the authentication mechanisms of some of the biggest applications in the world (Uber, Yahoo, Twitter, etc.). He will present advanced practical ways of exploiting SSO mechanisms such as SAML and OAuth, as well as user invitation and password reset mechanisms.
In the second part of this session we will examine how CSP (Content Security Policy) helped fix one of the vulnerabilities, and we will elaborate on the various security-related HTTP headers described by The Internet Engineering Task Force (IETF).
A security researcher from GE Digital will discuss what each one of these headers does to help augment web application security and under what circumstances they could be bypassed by a clever adversary.
Attendees will be able to perform the attacks they learned on a pre-configured environment during the workshop.
Open source modules, Maven and Python packages, Ruby gems and especially npm, are undoubtedly awesome. However, they also represent an undeniable and massive risk. You're introducing someone else's code into your system, often with little or no scrutiny. The wrong package can introduce severe vulnerabilities into your application, exposing your application and your users' data.
The security risk from vulnerable open source binaries is well understood. While still often mishandled, there are good practices for tackling it, and industry trends like Serverless & PaaS all but eliminate it.
Vulnerabilities in open source code packages, however, get practically no air time. These packages, pulled from the likes of npm, RubyGems and Maven, are just as prevalent, outdated and hard to manage. More importantly, they’re just as vulnerable!
In this talk I'll share details of and demonstrate several vulnerabilities in popular packages. For each issue, I'll explain why it happened, show its impact, and, most importantly, see how to avoid or fix it.
Hash functions are all around us, being used for a variety of applications such as data integrity verification, de-duplication algorithms and as index generators in hash tables. In this session a security researcher from GE Digital will discuss and demonstrate the differences between cryptographic and non-cryptographic hashes, generating collisions and performing cache poisoning and timing attacks against applications that use hashing naively.
Attendees will be able to perform the attacks they learned on a pre-configured environment during the workshop.
"Connect all the things!" has, for some time now, been the main theme when talking about IoT devices, solutions and products. Our eagerness to find new, at times innovative, ways to make anything rhyme along with the anthem of the internet is a great promise for malicious activity.
As those devices are supposed to be lightweight, they mostly rely on a small-footprint stack of protocols; one of those protocols is the messaging protocol MQTT.
We will go deep into protocol details, observe how common it is to find such devices (and how), and several novel ways to abuse any one of the tens of thousands of easily spotted publicly facing MQTT brokers on the internet for "fun and profit".
During the presentation we will learn about:
- WHAT is using MQTT (common and extreme examples)
- How SPREAD OUT it is: I'll be sharing statistical information on different MQTT brokers and version fragmentation collected during the research
- An OVERVIEW of
  o its infrastructure and the protocol's bits & bytes (no prior knowledge required, your head won't be blown)
  o general-purpose TOOLS: libraries, open source software and apps
- RECON: exploring a device's settings, gathering intel, spotting vulnerable devices (+ dropping tools)
- Identifying clients
- EXPLOITING bad configurations for fun and profit (+ in-the-wild examples):
  o Spy on subscribers via MQTT
  o Running remote code on connected devices
  o Hijack unsuspecting servers and utilize them for evil (e.g. botnet communication)
  o Misconfigured broker spits out the machine's credentials
- DEMOs
- Notes on securing your own MQTT-wielding IoT device
- All tools and scripts that were used will be shared right after the talk