
Expose Yourself Without Insecurity: Cloud Breach Patterns

Presentation from BSides Atlanta 2020 explores the unprecedented level of exposures in the Cloud and how they can be found.

Presentation by Oscar Salazar and Brandon Gaudet at BSides Atlanta 2020

Cloud providers continue to increase in usage for the next generation of internet services. Dynamic and ephemeral exposures are being created on an unprecedented level and your old generation of internet scanners can’t find them. This presentation shows you how they can be found and what it means for the future of unwanted internet exposures.

We know that complexity is the enemy of security. We also know a comprehensive asset inventory is step one to any capable security program. How can we monitor for unnecessary exposures without knowing what’s on the internet?

Through examination of exposure patterns and analysis of passive DNS data, we explore real-world examples of global cloud breaches waiting to happen. There are thousands of vulnerable systems for the commonly used services (e.g. ElasticSearch) and more from the up-and-coming services you may not even know your organization is using yet.

Presentation highlights:

  • Most security orgs are maintaining their inventory the old way (i.e. IP ranges), which doesn’t cut it in a dynamic cloud world.
  • IPv4 scanners can’t find virtual host services that are ephemeral or require specific paths in the request to function properly.
  • Global exposures are only going to increase unless we look at the solution differently and understand the patterns for these breaches waiting to happen.
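The inventory gap the highlights describe, shown as an added example (not code from the presentation): a DNS-derived asset view built from passive DNS records, compared against what an IP-range scan of the organization's own address space would attribute to it. The records, the `example.com` hostnames, the `ORG_IP_RANGES` value and the cloud-service suffix list are all constructed or illustrative assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed passive DNS records (hostname, rrtype, rdata) for example.com.
PASSIVE_DNS = [
    ("search.example.com", "CNAME", "vpc-search-abc123.us-east-1.es.amazonaws.com."),
    ("www.example.com", "CNAME", "d111111abcdef8.cloudfront.net."),
    ("api.example.com", "CNAME", "prod-api-1234567890.us-west-2.elb.amazonaws.com."),
    ("portal.example.com", "CNAME", "example-portal.azurewebsites.net."),
    ("old-dev.example.com", "CNAME", "old-dev-bucket.s3.amazonaws.com."),
    ("mail.example.com", "A", "203.0.113.10"),
    ("jump.example.com", "A", "198.51.100.7"),
]

# Address space the organization owns and scans the old way (constructed).
ORG_IP_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# Illustrative suffixes of cloud services reached by virtual host, where the
# request must carry the tenant's Host name; a real inventory keeps a curated list.
CLOUD_SERVICE_SUFFIXES = {
    "aws-elasticsearch": r"\.es\.amazonaws\.com$",
    "aws-elb": r"\.elb\.amazonaws\.com$",
    "aws-s3": r"\.s3\.amazonaws\.com$",
    "aws-cloudfront": r"\.cloudfront\.net$",
    "azure-app-service": r"\.azurewebsites\.net$",
}

def classify_record(rrtype, rdata):
    """Label one record: owned IP, external IP, a known cloud service, or other CNAME."""
    if rrtype == "A":
        addr = ipaddress.ip_address(rdata)
        return "owned-ip" if any(addr in net for net in ORG_IP_RANGES) else "external-ip"
    target = rdata.rstrip(".").lower()
    for label, pattern in CLOUD_SERVICE_SUFFIXES.items():
        if re.search(pattern, target):
            return label
    return "other-cname"

def build_inventory(records):
    """Group hostnames by classification: the DNS-derived asset view."""
    inventory = defaultdict(list)
    for host, rrtype, rdata in records:
        inventory[classify_record(rrtype, rdata)].append(host)
    return dict(inventory)

def missed_by_ip_range_scan(records):
    """Hostnames a scan of ORG_IP_RANGES alone would never attribute to the organization."""
    return sorted(h for h, t, r in records if classify_record(t, r) != "owned-ip")
```

Running `build_inventory(PASSIVE_DNS)` on the constructed records leaves only `mail.example.com` under `owned-ip`; every other hostname is an asset the IP-range view would miss.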


About the author, Oscar Salazar

Principal Product Researcher

Oscar Salazar is a Principal Product Researcher at Bishop Fox. In this role, he has experience with red teaming, application penetration testing, source code review, network penetration testing, secure software design, and product security reviews. He focuses on research and development of the Continuous Attack Surface Testing (CAST) platform. Oscar has presented at many of the leading security conferences including Black Hat USA, DEF CON, RSA, BSides, Hacker Halted, SyScan 360, and SAS. His research, particularly surrounding anti-anti-automation, has appeared in Wired, eWeek, Fox News, Threatpost, and Gigaom.

Additionally, he has been a featured speaker on the Dark Reading Radio series. Prior to joining Bishop Fox, Oscar served as a web security research engineer at Hewlett Packard's Application Security Center where he designed and developed security checks for the WebInspect web application security scanner. In addition, his research involved developing more effective methods of scanning web applications.



About the author, Brandon Gaudet

Senior Security Analyst

Brandon Gaudet is a Bishop Fox Alumnus who was a Senior Security Analyst at Bishop Fox. Brandon's areas of expertise are continuous penetration testing, application penetration testing, and network penetration testing. Over the past year, he has been conducting research on zero-knowledge asset discovery. Specifically, Brandon is interested in how the discovery of these assets can impact an organization; his other focuses are how to intelligently reduce and perform security assessments against large attack surfaces.

