Bishop Fox is proud to present at DragonJar Security Conference 2024. Senior Security Consultant Berenice Flores will discuss insecure default configuration in cloud installations, while Managing Consultant III Hector Cruz will host a Lock Picking Village.

For more details, visit the official DragonJar Security Conference 2024 website.

The New "admin:admin"? - Insecure Default Configuration in Cloud Installations

Speaker: Berenice Flores   |    Date/Time: Friday, September 27 at 4:30-5:30 p.m. CT

A few years ago, it was quite common to find insecure admin:admin credentials as the default configuration after installing a web service or application. Very similar risks are now occurring on the cloud side in new components or frameworks that require high computing power to function. It is then that the user performs the cloud installation following the vendor's configuration and maintains this configuration that is insecure by default, either due to ignorance or omission, which can bring great risks to the user's cloud. In this talk I will show practical and real examples of default configurations established by vendors for AWS, where overly permissive policies or insecure EC2 configurations can be (ab)used to steal information or perform privilege escalation.

Lock Picking Village

Together with 7 young students (4 women, 3 men), Hector Cruz has prepared this village and will be teaching attendants how locks, handcuffs, safe-deposit box and suitcases works and how to bypass security mechanisms.