Rob Ragan to Present at Global AppSec San Francisco 2020

We are proud to announce that Bishop Fox principal researcher Rob Ragan will be presenting SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns at Global AppSec San Francisco 2020.

SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns

Abstract

Do you know what is internet accessible in your AWS environments? The answer and methodology of how you arrive at the answer may be the difference between missing critical exposures and complete situational awareness. Dynamic and ephemeral exposures are being created on an unprecedented level and your old generation of tools, techniques, and internet scanners can't find them. Let us show you how to find them and what it means for the future of unwanted exposures. A comprehensive asset inventory is step one to any capable security program. What does having an accurate inventory mean to an AWS administrator and ongoing security engineering effort?

Our approach involves leveraging AWS security services and metadata to translate the raw configuration into patterns of targetable services that a security team can utilize for further analysis.

In this presentation, we will look at the most pragmatic ways to continuously analyze your AWS environments and operationalize that information to answer vital security questions. Demonstrations include integration between IAM Access Analyzer, Tiros Reachability API, and Bishop Fox CAST Cloud Connectors, along with a new open source tool, SmogCloud, to find continuously changing AWS internet-facing services.

Key Takeaways:

  • Learn how to continuously maintain an inventory of AWS services and understand their internet exposures
  • Discover how to leverage automation from AWS Access Analyzer and a freely available open source tool from Bishop Fox to operationalize exposure testing
  • See practical demonstrations of how engineering and security teams can determine the impact of their security group configurations

About the speaker, Rob Ragan

Principal Researcher

Rob Ragan is a Principal Researcher at Bishop Fox. Rob focuses on pragmatic solutions for clients and technology. He oversees strategy for continuous security automation. Rob has presented at Black Hat, DEF CON, and RSA. He is also a contributing author to Hacking Exposed Web Applications 3rd Edition. His writing has appeared in Dark Reading and he has been quoted in publications such as Wired.

Rob has more than a decade of security experience and once worked as a Software Engineer at Hewlett-Packard's Application Security Center. Rob was also with SPI Dynamics where he was a software engineer on the dynamic analysis engine for WebInspect and the static analysis engine for DevInspect.
