Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
Securing Clouds Wide Open
Felipe “Pr0teus” Espósito, Senior Researcher
@pr0teusbr
Latinoware 2019, Foz do Iguaçu, 27 November 2019
About me
● Former co-founder of BlueOps (acquired by Tenchi)
● Senior Cloud Researcher & Consultant @ Tenchi Security
● Speaker / CTF organizer (BlueWars)
● Master’s Degree in Network Security
● Love coffee & Chocolate
One of the problems
More problems
Agenda
1. Cloud computing
2. On-premises vs. cloud
3. Vuln time!
4. Fix time!
5. Conclusions
Cloud Computing
What my mother thinks it is
What the head of technology thinks it is
What the intern thinks it is
Cloud Computing
What it actually is...
On-premises vs. cloud
Differences
Vuln time!
- How to exploit
- Attack dynamics
- How to fix
Pray for the DEMO God!
Access credentials
Fix
Still they do…
https://github.com/UnkL4b/GitMiner
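GitMiner searches GitHub for secrets that were already pushed. The cheaper control is to catch them before the push. The scanner below is an added example (it is not GitMiner and not code from the talk): it looks for AWS long-term credentials in text, using the documented key formats (access key IDs are "AKIA" for IAM users or "ASIA" for temporary credentials followed by 16 upper-case alphanumerics; secret keys are 40 base64-like characters, matched only next to an aws_secret_access_key-style label). The sample config is constructed from the key pair AWS publishes for documentation.

```python
import re
import sys

# Added example: minimal AWS credential scanner, usable as a pre-commit hook.
# Key-ID pattern: AKIA/ASIA + 16 upper-case alphanumerics, not embedded in a longer token.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])((?:AKIA|ASIA)[0-9A-Z]{16})(?![A-Z0-9])")
# Secret pattern: 40 base64-like chars, only when labelled (random 40-char strings are common).
SECRET_KEY_RE = re.compile(
    r"(?i)aws[_\- ]?secret[_\- ]?access[_\- ]?key\W{0,5}([A-Za-z0-9/+=]{40})"
)


def redact(secret):
    """Keep enough of the value to identify it without reproducing it in logs."""
    return secret[:4] + "*" * (len(secret) - 8) + secret[-4:]


def scan_text(text):
    """Return (line_number, kind, value) for every credential-looking token in `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((lineno, "access_key_id", m.group(1)))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append((lineno, "secret_access_key", redact(m.group(1))))
    return findings


def scan_files(paths):
    """Scan each path; return {path: findings} for the paths that had hits."""
    hits = {}
    for path in paths:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            found = scan_text(fh.read())
        if found:
            hits[path] = found
    return hits


# Constructed sample: the example key pair from the AWS documentation.
SAMPLE_CONFIG = """\
[default]
region = us-east-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""

if __name__ == "__main__":
    targets = sys.argv[1:]
    results = scan_files(targets) if targets else {"<sample>": scan_text(SAMPLE_CONFIG)}
    for path, found in results.items():
        for lineno, kind, value in found:
            print(f"{path}:{lineno}: {kind}: {value}")
    sys.exit(1 if results else 0)  # non-zero exit blocks the commit when run as a hook
```

Run it over the files staged for commit (`git diff --cached --name-only`) and the non-zero exit stops the push; a leaked secret is still printed redacted so the hook's own output does not become a second leak. Real secret scanners add entropy checks and many more providers, but the labelled-secret rule is what keeps false positives tolerable.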
Incident Response
● Invalidate the credentials.
● Change the password OR delete the user.
● Done =D
● Are you sure?!
● Check whether any other credentials were created. Rotating the password alone does not revoke the user's access keys, and temporary (STS) credentials already issued from the leaked key cannot be revoked directly and can last up to 36 hours; the documented way to cut them off early is a Deny policy conditioned on aws:TokenIssueTime.
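The checks above, as an added example that is not part of the talk. The inputs mirror the shapes returned by `aws iam list-access-keys` and by CloudTrail event records; the key list, the CloudTrail records and the compromise time are constructed, and the user name and second key ID are made up (the key IDs are AWS documentation examples).

```python
import json
from datetime import datetime, timedelta, timezone

# Added example: triage after a leaked IAM user key.
STS_MAX_SESSION = timedelta(hours=36)  # longest GetSessionToken lifetime for an IAM user

# Control-plane calls an attacker makes to keep access after the stolen key is rotated.
PERSISTENCE_EVENTS = {
    "CreateAccessKey", "CreateUser", "CreateLoginProfile", "UpdateLoginProfile",
    "AttachUserPolicy", "PutUserPolicy", "AddUserToGroup", "CreateRole",
    "UpdateAssumeRolePolicy", "GetSessionToken", "AssumeRole",
}


def parse_time(ts):
    """CloudTrail / IAM timestamps are ISO 8601 in UTC with a trailing Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def keys_created_since(access_keys, since):
    """Access key IDs (list-access-keys metadata) created at or after the compromise."""
    return [k["AccessKeyId"] for k in access_keys if parse_time(k["CreateDate"]) >= since]


def persistence_events_since(events, since):
    """CloudTrail records after the compromise whose eventName is a persistence call."""
    return [e for e in events
            if e["eventName"] in PERSISTENCE_EVENTS and parse_time(e["eventTime"]) >= since]


def revoke_sessions_policy(not_after):
    """Inline Deny policy for the user: kills temporary credentials issued before `not_after`.
    Long-term keys carry no aws:TokenIssueTime, so the condition never matches them."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {"DateLessThan": {
                "aws:TokenIssueTime": not_after.strftime("%Y-%m-%dT%H:%M:%SZ")}},
        }],
    }


def exposure_window_end(revoked_at):
    """Without the deny policy, a session minted just before revocation can live until here."""
    return revoked_at + STS_MAX_SESSION


# Constructed data: key leaked 2019-11-19 09:00 UTC; the attacker then added a second key.
COMPROMISE = parse_time("2019-11-19T09:00:00Z")
ACCESS_KEYS = [
    {"UserName": "deploy", "AccessKeyId": "AKIAIOSFODNN7EXAMPLE", "Status": "Active",
     "CreateDate": "2019-01-10T12:00:00Z"},
    {"UserName": "deploy", "AccessKeyId": "AKIAI44QH8DHBEXAMPLE", "Status": "Active",
     "CreateDate": "2019-11-19T09:42:10Z"},
]
CLOUDTRAIL = [
    {"eventTime": "2019-11-18T17:05:00Z", "eventName": "ListBuckets",
     "userIdentity": {"userName": "deploy"}},
    {"eventTime": "2019-11-19T09:42:10Z", "eventName": "CreateAccessKey",
     "userIdentity": {"userName": "deploy"}, "requestParameters": {"userName": "deploy"}},
    {"eventTime": "2019-11-19T09:43:30Z", "eventName": "GetSessionToken",
     "userIdentity": {"userName": "deploy"}, "requestParameters": {"durationSeconds": 129600}},
]

if __name__ == "__main__":
    revoked_at = datetime.now(timezone.utc)
    print("keys to delete:", keys_created_since(ACCESS_KEYS, COMPROMISE))
    for e in persistence_events_since(CLOUDTRAIL, COMPROMISE):
        print("persistence:", e["eventTime"], e["eventName"])
    print("sessions may live until:", exposure_window_end(revoked_at).isoformat())
    print(json.dumps(revoke_sessions_policy(revoked_at), indent=2))
```

The GetSessionToken record with durationSeconds 129600 is the 36-hour case: a token requested that way survives deleting the leaked access key, which is why the deny policy (attached with `aws iam put-user-policy`) belongs in the playbook rather than "rotate and done".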
Open S3 bucket
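An added example, not from the talk, of what "open" means for a bucket and what the fix looks like: it classifies a bucket policy and ACL in the shapes returned by `aws s3api get-bucket-policy` and `get-bucket-acl`, puts the weak policy beside a hardened one, and shows the Block Public Access settings that stop public grants from taking effect. All documents are constructed; the account ID, bucket and role names are made up.

```python
import json

# Added example: is this bucket public, and what should its policy look like instead?
PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",  # any AWS account, not just yours
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _wildcard_principal(principal):
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))
    )


def wildcard_allow_statements(policy_json):
    """Allow statements granted to everyone. Without a Condition they are public;
    with one they need a human look (aws:SourceVpc narrows, a Referer check does not)."""
    out = []
    for s in _as_list(json.loads(policy_json)["Statement"]):
        if s.get("Effect") == "Allow" and _wildcard_principal(s.get("Principal")):
            out.append({"Sid": s.get("Sid"), "public": not s.get("Condition"),
                        "Condition": s.get("Condition")})
    return out


def public_acl_grants(acl):
    """ACL grants to the AllUsers / AuthenticatedUsers groups."""
    return [g for g in acl["Grants"]
            if g["Grantee"].get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_ACL_GROUPS]


# Input for `aws s3api put-public-access-block` on every bucket that is not a website.
HARDENED_PUBLIC_ACCESS_BLOCK = {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": True,
}

# Weak: anyone on the internet can list and read the backups.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "Public", "Effect": "Allow", "Principal": "*",
                   "Action": ["s3:GetObject", "s3:ListBucket"],
                   "Resource": ["arn:aws:s3:::example-backups", "arn:aws:s3:::example-backups/*"]}],
})

# Hardened: one role in the owning account may touch objects, and only over TLS.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "BackupRoleOnly", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/backup-writer"},
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-backups/*"},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-backups", "arn:aws:s3:::example-backups/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})

SAMPLE_ACL = {"Owner": {"ID": "owner-canonical-id"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}

if __name__ == "__main__":
    print("weak policy:", wildcard_allow_statements(WEAK_POLICY))
    print("hardened policy:", wildcard_allow_statements(HARDENED_POLICY))
    print("public ACL grants:", [g["Permission"] for g in public_acl_grants(SAMPLE_ACL)])
```

With the four Block Public Access flags on, a `put-bucket-policy` carrying the weak statement is rejected and a public ACL grant is ignored, so the flags belong at the account level and the per-bucket policy review becomes the exception process for the few buckets that really serve the public.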
EC2 instance with an exposed service
Fixing
Review the project's architecture.
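Reviewing the architecture starts with an inventory of what is reachable from the internet. The audit below is an added example (not from the talk) over input shaped like `aws ec2 describe-security-groups`: it reports every inbound rule open to 0.0.0.0/0 or ::/0 that is not plain web traffic, and builds the restricted replacement for an admin port. The security group, the port allow-list and the admin CIDR are constructed assumptions.

```python
# Added example: find security-group rules that expose a service to the whole internet.
ANYWHERE = {"0.0.0.0/0", "::/0"}
ALLOWED_PUBLIC_PORTS = {80, 443}  # assumption: only the web tier may be world-reachable


def _ports(perm):
    if perm["IpProtocol"] == "-1":  # "all traffic": the rule carries no port fields
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo if lo == hi else f"{lo}-{hi}"


def _world_open(perm):
    """CIDRs in this rule that mean 'everyone', IPv4 and IPv6."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", []) if r["CidrIp"] in ANYWHERE]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r["CidrIpv6"] in ANYWHERE])


def _is_allowed_public(perm):
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo == hi and lo in ALLOWED_PUBLIC_PORTS


def exposed_rules(security_groups):
    """One finding per inbound rule that is world-open and not an allow-listed web port."""
    findings = []
    for sg in security_groups:
        for perm in sg["IpPermissions"]:
            cidrs = _world_open(perm)
            if cidrs and not _is_allowed_public(perm):
                findings.append({"GroupId": sg["GroupId"], "Protocol": perm["IpProtocol"],
                                 "Ports": _ports(perm), "Cidrs": cidrs})
    return findings


def restricted_rule(port, admin_cidr):
    """Replacement for a world-open admin rule: same port, only the VPN/bastion range."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": admin_cidr}]}


# Constructed group: HTTPS to the world is intended; SSH and "all traffic" are not.
SAMPLE_GROUPS = [{
    "GroupId": "sg-0123456789abcdef0", "GroupName": "web-and-admin",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}]

if __name__ == "__main__":
    for f in exposed_rules(SAMPLE_GROUPS):
        print(f"{f['GroupId']}: {f['Protocol']} {f['Ports']} open to {', '.join(f['Cidrs'])}")
    print("fix for 22:", restricted_rule(22, "203.0.113.0/24"))
```

The IPv6 "all traffic" rule is the one people miss when they only grep for 0.0.0.0/0. For SSH the better architectural fix is no inbound rule at all, reaching instances through SSM Session Manager; the restricted rule is the fallback when that is not an option.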
Server Side Request Forgery
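In a cloud account the classic SSRF target is the EC2 instance metadata service at 169.254.169.254: a server-side "fetch this URL" feature that forwards a user-supplied URL lets the attacker read /latest/meta-data/iam/security-credentials/ and walk away with the instance role's temporary keys. The code below is an added example, not from the talk: the vulnerable fetcher beside a hardened one that resolves the host, rejects internal, link-local and IMDS destinations (including the IPv6 endpoint fd00:ec2::254 and IPv4-mapped IPv6 forms) and refuses redirects, since a public host can 302 to the metadata IP. The resolver is injectable so the checks run offline; the test addresses are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlparse
from urllib.request import HTTPRedirectHandler, build_opener

# Added example: SSRF against the instance metadata service, and the hardened fetcher.


def fetch_vulnerable(url):
    """Fetches whatever the user supplies, redirects included:
    http://169.254.169.254/latest/meta-data/iam/security-credentials/<role> returns role keys."""
    return build_opener().open(url, timeout=3).read()


# Networks a URL fetcher on a cloud host must never reach, on top of the RFC 1918 /
# loopback / link-local ranges the ipaddress module already classifies.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16",     # link-local, includes the IMDS at 169.254.169.254
    "fd00:ec2::254/128",  # IMDS IPv6 endpoint
    "100.64.0.0/10",      # carrier-grade NAT, used by some cloud-internal services
)]


class _NoRedirect(HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # every 3xx becomes an HTTPError instead of being followed


def resolved_addresses(host, port, resolve=socket.getaddrinfo):
    """All addresses the host resolves to; a multi-record name is only safe if all are."""
    return {info[4][0] for info in resolve(host, port)}


def address_is_internal(addr):
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 -> 169.254.169.254
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved
            or ip.is_unspecified or ip.is_multicast
            or any(ip in net for net in BLOCKED_NETS))


def url_is_safe(url, resolve=socket.getaddrinfo):
    """http(s) only, host must resolve, and no resolved address may be internal."""
    p = urlparse(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        return False
    try:
        port = p.port or (443 if p.scheme == "https" else 80)
        addrs = resolved_addresses(p.hostname, port, resolve)
    except (socket.gaierror, ValueError):
        return False
    return bool(addrs) and not any(address_is_internal(a) for a in addrs)


def fetch_hardened(url, resolve=socket.getaddrinfo):
    if not url_is_safe(url, resolve):
        raise ValueError("refusing to fetch an internal destination")
    return build_opener(_NoRedirect()).open(url, timeout=3).read()


if __name__ == "__main__":
    for u in ("http://169.254.169.254/latest/meta-data/", "http://[fd00:ec2::254]/latest/",
              "http://[::ffff:169.254.169.254]/", "https://93.184.216.34/"):
        print(f"{u}: {'safe' if url_is_safe(u) else 'blocked'}")
```

Two caveats. The check resolves the name once and the HTTP client resolves it again, so a DNS-rebinding attacker can pass the check and connect elsewhere; production code should connect to the validated IP and set the Host header itself. And the fix that does not depend on the application at all is IMDSv2, which requires a session token obtained with a PUT request that a GET-only SSRF cannot issue; enforce it with `aws ec2 modify-instance-metadata-options --http-tokens required`.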
Conclusions
1. Cloud computing brings new security challenges.
2. Credentials are very important; don't lose them.
3. The most secure environment is the one whose resources you master best.
Register at: https://latinsec19.rtfm-ctf.org
Prize: 3 H2HC tickets
Q&A
fesposito@tenchisecurity.com
@Pr0teusBR
@tenchisecurity

More Related Content

Similar to Latinoware 2019 - Securing Clouds Wide Open

Follow the data
Follow the dataFollow the data
Follow the datamainplus
 
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend ReportWebinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend ReportCyren, Inc
 
What is so special about working with Digital Natives - the good, the bad & t...
What is so special about working with Digital Natives - the good, the bad & t...What is so special about working with Digital Natives - the good, the bad & t...
What is so special about working with Digital Natives - the good, the bad & t...Lukas Ritzel
 
All Day DevOps: Calling Out A Terrible On-Call System
All Day DevOps: Calling Out A Terrible On-Call SystemAll Day DevOps: Calling Out A Terrible On-Call System
All Day DevOps: Calling Out A Terrible On-Call SystemMolly Struve
 
The Business Of Open Source
The Business Of Open SourceThe Business Of Open Source
The Business Of Open SourceLiza Kindred
 
KEEPKEY AND TREZOR: BITCOIN VAULTS IN YOUR POCKET
KEEPKEY AND TREZOR: BITCOIN VAULTS IN YOUR POCKETKEEPKEY AND TREZOR: BITCOIN VAULTS IN YOUR POCKET
KEEPKEY AND TREZOR: BITCOIN VAULTS IN YOUR POCKETSteven Rhyner
 
Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...
Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...
Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...Steve Werby
 
Generating and developing idea: Function
Generating and developing idea: FunctionGenerating and developing idea: Function
Generating and developing idea: FunctionCaksback
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...EC-Council
 
Online Privacy & Computer Security Basics (September 2017)
Online Privacy & Computer Security Basics (September 2017)Online Privacy & Computer Security Basics (September 2017)
Online Privacy & Computer Security Basics (September 2017)Kit O'Connell
 
[Workshop] Getting Started with Cryptos, NFTs & Web 3.0 for Absolute Beginners
[Workshop] Getting Started with Cryptos, NFTs & Web 3.0 for Absolute Beginners[Workshop] Getting Started with Cryptos, NFTs & Web 3.0 for Absolute Beginners
[Workshop] Getting Started with Cryptos, NFTs & Web 3.0 for Absolute BeginnersHessan Adnani
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Rob Fuller
 
Startup pitch deck series 1 of 7: How can i get my startup funded
Startup pitch deck series 1 of 7: How can i get my startup fundedStartup pitch deck series 1 of 7: How can i get my startup funded
Startup pitch deck series 1 of 7: How can i get my startup fundedSlideBlueprint.com
 
Your e image presentation 2
Your e image presentation 2Your e image presentation 2
Your e image presentation 2opiedog1
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowCyren, Inc
 
Top 10 cryptocurrency security tips for 2019
Top 10 cryptocurrency security tips for 2019Top 10 cryptocurrency security tips for 2019
Top 10 cryptocurrency security tips for 2019Blockchain Council
 

Similar to Latinoware 2019 - Securing Clouds Wide Open (20)

Follow the data
Follow the dataFollow the data
Follow the data
 
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend ReportWebinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
 
What is so special about working with Digital Natives - the good, the bad & t...
What is so special about working with Digital Natives - the good, the bad & t...What is so special about working with Digital Natives - the good, the bad & t...
What is so special about working with Digital Natives - the good, the bad & t...
 
All Day DevOps: Calling Out A Terrible On-Call System
All Day DevOps: Calling Out A Terrible On-Call SystemAll Day DevOps: Calling Out A Terrible On-Call System
All Day DevOps: Calling Out A Terrible On-Call System
 
The Business Of Open Source
The Business Of Open SourceThe Business Of Open Source
The Business Of Open Source
 
KEEPKEY AND TREZOR: BITCOIN VAULTS IN YOUR POCKET
KEEPKEY AND TREZOR: BITCOIN VAULTS IN YOUR POCKETKEEPKEY AND TREZOR: BITCOIN VAULTS IN YOUR POCKET
KEEPKEY AND TREZOR: BITCOIN VAULTS IN YOUR POCKET
 
Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...
Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...
Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...
 
Public Vs. Private Keys
Public Vs. Private KeysPublic Vs. Private Keys
Public Vs. Private Keys
 
Generating and developing idea: Function
Generating and developing idea: FunctionGenerating and developing idea: Function
Generating and developing idea: Function
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
 
Online Privacy & Computer Security Basics (September 2017)
Online Privacy & Computer Security Basics (September 2017)Online Privacy & Computer Security Basics (September 2017)
Online Privacy & Computer Security Basics (September 2017)
 
[Workshop] Getting Started with Cryptos, NFTs & Web 3.0 for Absolute Beginners
[Workshop] Getting Started with Cryptos, NFTs & Web 3.0 for Absolute Beginners[Workshop] Getting Started with Cryptos, NFTs & Web 3.0 for Absolute Beginners
[Workshop] Getting Started with Cryptos, NFTs & Web 3.0 for Absolute Beginners
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?
 
Startup pitch deck series 1 of 7: How can i get my startup funded
Startup pitch deck series 1 of 7: How can i get my startup fundedStartup pitch deck series 1 of 7: How can i get my startup funded
Startup pitch deck series 1 of 7: How can i get my startup funded
 
Get started with hacking
Get started with hackingGet started with hacking
Get started with hacking
 
Your e image presentation 2
Your e image presentation 2Your e image presentation 2
Your e image presentation 2
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to know
 
So You Want to be a Hacker?
So You Want to be a Hacker?So You Want to be a Hacker?
So You Want to be a Hacker?
 
Top 10 cryptocurrency security tips for 2019
Top 10 cryptocurrency security tips for 2019Top 10 cryptocurrency security tips for 2019
Top 10 cryptocurrency security tips for 2019
 
Cybersafety
CybersafetyCybersafety
Cybersafety
 

More from Tenchi Security

us-east-1 Shuffle_ Lateral Movement and other Creative Steps Attackers Take i...
us-east-1 Shuffle_ Lateral Movement and other Creative Steps Attackers Take i...us-east-1 Shuffle_ Lateral Movement and other Creative Steps Attackers Take i...
us-east-1 Shuffle_ Lateral Movement and other Creative Steps Attackers Take i...Tenchi Security
 
Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...
Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...
Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...Tenchi Security
 
Hunting for AWS Exposed Resources
Hunting for AWS Exposed ResourcesHunting for AWS Exposed Resources
Hunting for AWS Exposed ResourcesTenchi Security
 
The Fault in Our Stars - Attack Vectors for APIs Using Amazon API Gateway Lam...
The Fault in Our Stars - Attack Vectors for APIs Using Amazon API Gateway Lam...The Fault in Our Stars - Attack Vectors for APIs Using Amazon API Gateway Lam...
The Fault in Our Stars - Attack Vectors for APIs Using Amazon API Gateway Lam...Tenchi Security
 
Detecting AWS control plane abuse in an actionable way using Det{R}ails
Detecting AWS control plane abuse in an actionable way using Det{R}ailsDetecting AWS control plane abuse in an actionable way using Det{R}ails
Detecting AWS control plane abuse in an actionable way using Det{R}ailsTenchi Security
 
Aprendizados da Gestão de Riscos e Conformidade Regulatória de sua Organizaçã...
Aprendizados da Gestão de Riscos e Conformidade Regulatória de sua Organizaçã...Aprendizados da Gestão de Riscos e Conformidade Regulatória de sua Organizaçã...
Aprendizados da Gestão de Riscos e Conformidade Regulatória de sua Organizaçã...Tenchi Security
 
Mapeando problemas de privilégios no AWS IAM (Identity & Access Management)
Mapeando problemas de privilégios no AWS IAM (Identity & Access Management)Mapeando problemas de privilégios no AWS IAM (Identity & Access Management)
Mapeando problemas de privilégios no AWS IAM (Identity & Access Management)Tenchi Security
 
SaaSpocalypse - The Complexity and Power of AWS Cross Account Access
SaaSpocalypse - The Complexity and Power of AWS Cross Account AccessSaaSpocalypse - The Complexity and Power of AWS Cross Account Access
SaaSpocalypse - The Complexity and Power of AWS Cross Account AccessTenchi Security
 
Novos Paradigmas de Segurança com adoção de Nuvem (AWS)
Novos Paradigmas  de Segurança com adoção  de Nuvem (AWS)Novos Paradigmas  de Segurança com adoção  de Nuvem (AWS)
Novos Paradigmas de Segurança com adoção de Nuvem (AWS)Tenchi Security
 
Palestra Medindo seu nível de Visibilidade e Detecção usando ATT&CK e DeTT&CT
Palestra Medindo seu nível de Visibilidade e Detecção usando ATT&CK e DeTT&CTPalestra Medindo seu nível de Visibilidade e Detecção usando ATT&CK e DeTT&CT
Palestra Medindo seu nível de Visibilidade e Detecção usando ATT&CK e DeTT&CTTenchi Security
 
Introdução à Segurança de Containers e Kubernetes
Introdução à Segurança de Containers e KubernetesIntrodução à Segurança de Containers e Kubernetes
Introdução à Segurança de Containers e KubernetesTenchi Security
 
Webinar Segurança de DevOps
Webinar Segurança de DevOpsWebinar Segurança de DevOps
Webinar Segurança de DevOpsTenchi Security
 

More from Tenchi Security (12)

us-east-1 Shuffle_ Lateral Movement and other Creative Steps Attackers Take i...
us-east-1 Shuffle_ Lateral Movement and other Creative Steps Attackers Take i...us-east-1 Shuffle_ Lateral Movement and other Creative Steps Attackers Take i...
us-east-1 Shuffle_ Lateral Movement and other Creative Steps Attackers Take i...
 
Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...
Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...
Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...
 
Hunting for AWS Exposed Resources
Hunting for AWS Exposed ResourcesHunting for AWS Exposed Resources
Hunting for AWS Exposed Resources
 
The Fault in Our Stars - Attack Vectors for APIs Using Amazon API Gateway Lam...
The Fault in Our Stars - Attack Vectors for APIs Using Amazon API Gateway Lam...The Fault in Our Stars - Attack Vectors for APIs Using Amazon API Gateway Lam...
The Fault in Our Stars - Attack Vectors for APIs Using Amazon API Gateway Lam...
 
Detecting AWS control plane abuse in an actionable way using Det{R}ails
Detecting AWS control plane abuse in an actionable way using Det{R}ailsDetecting AWS control plane abuse in an actionable way using Det{R}ails
Detecting AWS control plane abuse in an actionable way using Det{R}ails
 
Aprendizados da Gestão de Riscos e Conformidade Regulatória de sua Organizaçã...
Aprendizados da Gestão de Riscos e Conformidade Regulatória de sua Organizaçã...Aprendizados da Gestão de Riscos e Conformidade Regulatória de sua Organizaçã...
Aprendizados da Gestão de Riscos e Conformidade Regulatória de sua Organizaçã...
 
Mapeando problemas de privilégios no AWS IAM (Identity & Access Management)
Mapeando problemas de privilégios no AWS IAM (Identity & Access Management)Mapeando problemas de privilégios no AWS IAM (Identity & Access Management)
Mapeando problemas de privilégios no AWS IAM (Identity & Access Management)
 
SaaSpocalypse - The Complexity and Power of AWS Cross Account Access
SaaSpocalypse - The Complexity and Power of AWS Cross Account AccessSaaSpocalypse - The Complexity and Power of AWS Cross Account Access
SaaSpocalypse - The Complexity and Power of AWS Cross Account Access
 
Novos Paradigmas de Segurança com adoção de Nuvem (AWS)
Novos Paradigmas  de Segurança com adoção  de Nuvem (AWS)Novos Paradigmas  de Segurança com adoção  de Nuvem (AWS)
Novos Paradigmas de Segurança com adoção de Nuvem (AWS)
 
Palestra Medindo seu nível de Visibilidade e Detecção usando ATT&CK e DeTT&CT
Palestra Medindo seu nível de Visibilidade e Detecção usando ATT&CK e DeTT&CTPalestra Medindo seu nível de Visibilidade e Detecção usando ATT&CK e DeTT&CT
Palestra Medindo seu nível de Visibilidade e Detecção usando ATT&CK e DeTT&CT
 
Introdução à Segurança de Containers e Kubernetes
Introdução à Segurança de Containers e KubernetesIntrodução à Segurança de Containers e Kubernetes
Introdução à Segurança de Containers e Kubernetes
 
Webinar Segurança de DevOps
Webinar Segurança de DevOpsWebinar Segurança de DevOps
Webinar Segurança de DevOps
 

Recently uploaded

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Recently uploaded (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Latinoware 2019 - Securing Clouds Wide Open

  • 1. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited. Securing Clouds Wide Open. Felipe “Pr0teus” Espósito, Senior Researcher, @pr0teusbr. Foz do Iguaçu, November 27, 2019
  • 2. About me ● Former Co-Founder BlueOps (acquired by Tenchi) ● Senior Cloud Researcher & Consultant @ Tenchi Security ● Speaker / CTF organizer (BlueWars) ● Master’s Degree in Network Security ● Love coffee & chocolate
  • 3. One of the problems
  • 4. More problems
  • 5. Agenda 1. Cloud computing 2. On Premises vs. Cloud 3. Vuln Time! 4. Fix Time! 5. Conclusions
  • 6. Cloud Computing: What my mother thinks it is; What the Chief Technology Officer thinks it is; What the intern thinks it is
  • 7. Cloud Computing: What it actually is...
  • 8. On Premises vs. Cloud
  • 9. Differences
  • 10. Vuln time! - How to exploit - Attack dynamics - How to fix. Pray for the DEMO God!
  • 11. Access credentials
  • 12. Fix
  • 13. Still they do… https://github.com/UnkL4b/GitMiner
  • 14. Incident Response ● Invalidate the credentials. ● Change passwords OR delete the user ● Done =D ● Are you sure?! ● Check whether any other credential was created; temporary credentials can last up to 36 hours.
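One way to carry out the last check on the Incident Response slide, as an added example that is not code from the talk or from Tenchi Security: starting from a compromised IAM principal and the time of compromise, walk CloudTrail-style events and list every credential that principal minted afterwards, follow the chain into any user or role session it created, and flag temporary STS sessions that are still inside the 36-hour window the slide mentions. The account id, user names, ARNs and events below are constructed sample data, and the event records are trimmed to the CloudTrail fields the code actually reads.

```python
from datetime import datetime, timedelta, timezone

# The slide's rule of thumb: a temporary (STS) credential can live at most 36 hours,
# so a session minted during the incident only matters while inside that window.
MAX_TEMP_CREDENTIAL_LIFETIME = timedelta(hours=36)

# CloudTrail eventName -> the kind of credential or identity it mints.
TEMPORARY = "temporary STS session"
CREDENTIAL_EVENTS = {
    "CreateUser": "new IAM user",
    "CreateAccessKey": "long-lived access key",
    "CreateLoginProfile": "console password",
    "AssumeRole": TEMPORARY,
    "GetSessionToken": TEMPORARY,
    "GetFederationToken": TEMPORARY,
}


def parse_time(ts):
    """CloudTrail eventTime is ISO-8601 UTC with a trailing Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def minted_principal(event):
    """ARN of the identity the event created or can now act as, or None."""
    name = event.get("eventName")
    if name in ("CreateUser", "CreateAccessKey", "CreateLoginProfile"):
        account = event["userIdentity"]["arn"].split(":")[4]
        user = event["requestParameters"]["userName"]
        return f"arn:aws:iam::{account}:user/{user}"
    if name == "AssumeRole":
        return event["responseElements"]["assumedRoleUser"]["arn"]
    return None


def find_follow_on_credentials(events, compromised_arn, compromise_time, now):
    """Trace every credential minted, directly or transitively, by the compromised
    principal after compromise_time. One finding per credential, with a flag that
    says whether it can still be valid at `now`."""
    compromised = {compromised_arn}
    findings = []
    for ev in sorted(events, key=lambda e: e["eventTime"]):  # ISO strings sort by time
        kind = CREDENTIAL_EVENTS.get(ev["eventName"])
        actor = ev["userIdentity"]["arn"]
        issued = parse_time(ev["eventTime"])
        if kind is None or actor not in compromised or issued < compromise_time:
            continue
        if kind == TEMPORARY:
            still_valid = now - issued <= MAX_TEMP_CREDENTIAL_LIFETIME
        else:
            still_valid = True  # lives until you delete or deactivate it
        target = minted_principal(ev)
        if target:
            compromised.add(target)  # the attacker may now act as this identity too
        findings.append({
            "event": ev["eventName"],
            "kind": kind,
            "actor": actor,
            "target": target,
            "issued": ev["eventTime"],
            "still_valid": still_valid,
        })
    return findings


ACCOUNT = "123456789012"  # constructed sample account id
DEV = f"arn:aws:iam::{ACCOUNT}:user/dev"  # the principal whose key leaked (constructed)

# Constructed CloudTrail-style events, not real logs.
SAMPLE_EVENTS = [
    {"eventTime": "2019-11-20T10:00:00Z", "eventName": "CreateAccessKey",  # before the leak
     "userIdentity": {"arn": DEV}, "requestParameters": {"userName": "dev"}},
    {"eventTime": "2019-11-25T14:05:00Z", "eventName": "CreateUser",
     "userIdentity": {"arn": DEV}, "requestParameters": {"userName": "backup-svc"}},
    {"eventTime": "2019-11-25T14:06:00Z", "eventName": "CreateAccessKey",
     "userIdentity": {"arn": DEV}, "requestParameters": {"userName": "backup-svc"}},
    {"eventTime": "2019-11-25T14:10:00Z", "eventName": "AssumeRole",
     "userIdentity": {"arn": f"arn:aws:iam::{ACCOUNT}:user/backup-svc"},
     "requestParameters": {"roleArn": f"arn:aws:iam::{ACCOUNT}:role/Admin"},
     "responseElements": {"assumedRoleUser": {"arn": f"arn:aws:sts::{ACCOUNT}:assumed-role/Admin/s1"}}},
    {"eventTime": "2019-11-25T15:00:00Z", "eventName": "GetSessionToken",  # unrelated user
     "userIdentity": {"arn": f"arn:aws:iam::{ACCOUNT}:user/other"}},
]

COMPROMISE_TIME = parse_time("2019-11-25T14:00:00Z")


def demo(now_iso="2019-11-26T12:00:00Z"):
    """Run the trace over the sample events as seen at `now_iso`."""
    return find_follow_on_credentials(SAMPLE_EVENTS, DEV, COMPROMISE_TIME, parse_time(now_iso))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The point of following the chain is the "Are you sure?!" on the slide: deleting the leaked user alone leaves the `backup-svc` user, its access key and the `Admin` role session in place. Long-lived artifacts stay on the revoke list until removed; the role session drops off once more than 36 hours have passed since it was issued.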
  • 15. Open S3 bucket
  • 16.
  • 17.
  • 18. EC2 with an exposed service
  • 19.
  • 20. Fixing: Review the project's architecture.
  • 21. Server Side Request Forgery
  • 22.
  • 23. Conclusions 1. Cloud computing brings new security challenges. 2. Credentials are very important; don't lose them. 3. The most secure environment is the one whose resources you master best.
  • 24. Register at: https://latinsec19.rtfm-ctf.org Prize: 3 tickets to H2HC
  • 25. Q&A fesposito@tenchisecurity.com @Pr0teusBR @tenchisecurity