
Dufflebag: Uncovering Secrets in Exposed EBS Volumes

In this video, Dan Petro demonstrates how the Bishop Fox open source tool Dufflebag works.

To help identify these exposed EBS volumes and allow individuals and businesses to secure their secrets, the Bishop Fox team developed Dufflebag, an open source tool now available on GitHub. In this video, Dan Petro explains how Dufflebag works.


Transcript

The Dufflebag tool from Bishop Fox can search exposed Elastic Block Store volumes for sensitive information that may have accidentally been left lying around. To get started, simply build the code into a zipfile (instructions on our GitHub) and make an Elastic Beanstalk app out of it, which you're seeing now. Once you push the project into Elastic Beanstalk, Amazon handles all the messy architecture management for you, and it makes scaling up and down a breeze. Pay attention to your AWS billing page, but Beanstalk apps are actually pretty inexpensive. You can monitor the execution of the program from the dashboard here. Dufflebag rummages through all the publicly exposed EBS volumes on AWS and searches for secrets like this shadow file here. This one's empty, but believe me, there's more out there!
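The transcript describes Dufflebag searching EBS volumes that have been shared publicly. The defender-side counterpart is checking whether any snapshot in your own account is shared with the `all` group, which is what makes it restorable by anyone. The following is an added example, not Dufflebag's code or anything from Bishop Fox; it uses the real boto3 EC2 calls `describe_snapshots`, `describe_snapshot_attribute` and `modify_snapshot_attribute`, but is written against any object exposing those three methods, so the constructed `FakeEC2` stand-in (sample snapshot IDs, not real AWS data) lets it run offline. Pass a real `boto3.client("ec2")` to run it against an account.

```python
"""Audit an AWS account for EBS snapshots shared publicly (added example).

Assumes the boto3 EC2 client API; FakeEC2 below is constructed sample data
so the audit logic can be exercised without AWS credentials.
"""
from typing import Any, Dict, List

PUBLIC_GROUP = "all"  # the group name AWS uses for "everyone" in createVolumePermission


def snapshot_ids_owned_by_self(ec2: Any) -> List[str]:
    """Return every snapshot ID the account owns, following NextToken pagination."""
    ids: List[str] = []
    kwargs: Dict[str, Any] = {"OwnerIds": ["self"]}
    while True:
        page = ec2.describe_snapshots(**kwargs)
        ids.extend(s["SnapshotId"] for s in page.get("Snapshots", []))
        token = page.get("NextToken")
        if not token:
            return ids
        kwargs["NextToken"] = token


def is_public(ec2: Any, snapshot_id: str) -> bool:
    """A snapshot is public when its createVolumePermission list contains Group=all."""
    attr = ec2.describe_snapshot_attribute(
        SnapshotId=snapshot_id, Attribute="createVolumePermission"
    )
    return any(p.get("Group") == PUBLIC_GROUP for p in attr.get("CreateVolumePermissions", []))


def find_public_snapshots(ec2: Any) -> List[str]:
    """IDs of owned snapshots that anyone on AWS could create a volume from."""
    return [sid for sid in snapshot_ids_owned_by_self(ec2) if is_public(ec2, sid)]


def make_private(ec2: Any, snapshot_id: str) -> None:
    """Remove the public share; per-account shares (UserId entries) are left as-is."""
    ec2.modify_snapshot_attribute(
        SnapshotId=snapshot_id,
        Attribute="createVolumePermission",
        OperationType="remove",
        GroupNames=[PUBLIC_GROUP],
    )


class FakeEC2:
    """Constructed stand-in for a boto3 EC2 client; IDs and permissions are made up."""

    def __init__(self) -> None:
        self.perms: Dict[str, List[Dict[str, str]]] = {
            "snap-0aaaaaaaaaaaaaaaa": [],                           # private
            "snap-0bbbbbbbbbbbbbbbb": [{"Group": "all"}],           # shared with everyone
            "snap-0cccccccccccccccc": [{"UserId": "123456789012"}], # shared with one account
        }

    def describe_snapshots(self, OwnerIds=None, NextToken=None) -> Dict[str, Any]:
        ids = list(self.perms)
        if NextToken is None:  # first page carries two snapshots and a continuation token
            return {"Snapshots": [{"SnapshotId": i} for i in ids[:2]], "NextToken": "page2"}
        return {"Snapshots": [{"SnapshotId": i} for i in ids[2:]]}

    def describe_snapshot_attribute(self, SnapshotId: str, Attribute: str) -> Dict[str, Any]:
        return {"SnapshotId": SnapshotId, "CreateVolumePermissions": list(self.perms[SnapshotId])}

    def modify_snapshot_attribute(self, SnapshotId: str, Attribute: str,
                                  OperationType: str, GroupNames: List[str]) -> None:
        if OperationType == "remove":
            self.perms[SnapshotId] = [
                p for p in self.perms[SnapshotId] if p.get("Group") not in GroupNames
            ]


if __name__ == "__main__":
    client = FakeEC2()  # swap for boto3.client("ec2") to audit a real account
    for sid in find_public_snapshots(client):
        print(f"public snapshot found: {sid}")
        make_private(client, sid)
    print("remaining public snapshots:", find_public_snapshots(client))
```

The audit paginates because `describe_snapshots` caps each page; skipping `NextToken` is the usual way such checks silently miss the snapshot that matters. Note that `make_private` removes only the `all` group and leaves explicit per-account shares alone, so review those separately.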



About the author, Dan Petro

Lead Researcher at Bishop Fox

Dan Petro is a Lead Researcher at Bishop Fox and focuses on application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. Dan has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. He has developed several open-source tools including Untwister, which breaks pseudorandom number generators. Additionally, Dan has been quoted in Wired, The Guardian, Business Insider, and Mashable. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.
