Presentation on how to chat with PDF using ChatGPT code interpreter
Latinoware 2019 - Securing Clouds Wide Open
1. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
Securing Clouds
Wide Open
Felipe “Pr0teus” Espósito, Senior Researcher
@pr0teusbr
Foz do Iguaçu, 27 de Novembro de 2019
2. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
2
Sobre mim
● Former Co-Founder BlueOps (acquired by Tenchi)
● Senior Cloud Researcher & Consultant @ Tenchi Security
● Speaker / CTF organizer (BlueWars)
● Master’s Degree in Network Security
● Love coffee & Chocolate
3. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
Um dos problemas
3
4. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
4
Mais problemas
5. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
Agenda
1. Cloud computing
2. On Premises Vs. Nuvem
3. Vuln Time !
4. Fix Time !
5. Conclusões
5
6. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
Cloud Computing
6
O que minha mãe pensa
que é
O que o Chefe de
Tecnologia Pensa que é
O que o estagiário acha
que é
7. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
Cloud Computing
7
O que na verdade é...
8. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
On Premises Vs. Nuvem
8
9. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
9
Diferenças
10. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
10
Vuln time!
- Como explorar
- Dinâmica do ataque.
- Como corrigir
Pray for the DEMO God!
11. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
Credenciais de acesso
11
12. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
Fix
12
13. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
Still they do…
13
https://github.com/UnkL4b/GitMiner
14. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
Incident Response
● Invalidate the credentials.
● Change Passwords OR delete the user
● Done =D
14
● Are you sure ?!
● Check if any other credential was created
temporary can last up to 36 hours.
15. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
Bucket S3 Aberto
15
16. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
16
17. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
17
18. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
EC2 com serviço exposto
18
19. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
19
20. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
Fixing
Rever a arquitetura do projeto.
20
21. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
Server Side Request Forgery
21
22. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
22
23. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
Conclusões
1. Cloud computing traz novos desafios à segurança.
2. Credenciais são muito importante, não as perca.
3. O ambiente mais seguro é aquele que você mais domina os
recursos.
23
24. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
https://latinsec19.rtfm-ctf.org
Registre-se em:
Premiação: 3 ingressos do H2HC
25. Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.Tenchi Security confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
Q&A
fesposito@tenchisecurity.com
@Pr0teusBR
@tenchisecurity