Presentation by Oscar Salazar and Brandon Gaudet at BSides Atlanta 2020
Cloud providers continue to increase in usage for the next generation of internet services. Dynamic and ephemeral exposures are being created on an unprecedented level and your old generation of internet scanners can’t find them. This presentation shows you how they can be found and what it means for the future of unwanted internet exposures.
We know that complexity is the enemy of security. We also know a comprehensive asset inventory is step one to any capable security program. How can we monitor for unnecessary exposures without knowing what’s on the internet?
Through examination of exposure patterns and analysis of passive DNS data, we explore real-world examples of global cloud breaches waiting to happen. There are thousands of vulnerable systems for the commonly used services (e.g. ElasticSearch) and more from the up-and-coming services you may not even know your organization is using yet.
- Most security orgs are maintaining their inventory the old way (i.e. IP ranges), which doesn't cut it in a dynamic cloud world.
- IPv4 scanners can't find virtual host services that are ephemeral or require specific paths in the request to function properly.
- Global exposures are only going to increase unless we look at the solution differently and understand the patterns for these breaches waiting to happen.
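As an added example (not code from the talk or its authors), a small inventory pass over constructed passive DNS records: it follows CNAME chains to IPs, groups hostnames by IP so the virtual hosts that an IP-range scan collapses into a single target become visible, and flags CNAMEs whose target no longer resolves (an ephemeral backend that went away). All hostnames, IPs and CNAME targets are made up; the record tuples stand in for whatever a real passive DNS feed returns.

```python
from collections import defaultdict

# Constructed sample passive DNS observations: (name, rrtype, value).
# Every name, address and CNAME target below is made up for illustration.
PASSIVE_DNS = [
    ("search.example.com", "CNAME", "lb-1234.region.elb.cloud.test"),
    ("reports.example.com", "CNAME", "lb-1234.region.elb.cloud.test"),
    ("lb-1234.region.elb.cloud.test", "A", "203.0.113.10"),
    ("old-kibana.example.com", "A", "203.0.113.10"),
    ("www.example.com", "A", "198.51.100.5"),
    ("metrics.example.com", "CNAME", "gone-12345.storage.cloud.test"),
]


def resolve(name, records=PASSIVE_DNS, _depth=0):
    """Follow CNAME chains until A records are found.
    Returns the set of IPs, or an empty set if the chain dangles."""
    if _depth > 8:  # guard against CNAME loops in messy feed data
        return set()
    ips = {v for n, t, v in records if n == name and t == "A"}
    for n, t, v in records:
        if n == name and t == "CNAME":
            ips |= resolve(v, records, _depth + 1)
    return ips


def vhosts_by_ip(records=PASSIVE_DNS):
    """Map each IP to every hostname that ultimately points at it.
    An IP-only scanner sees one target per key; the Host header is what
    selects the service actually served from that address."""
    out = defaultdict(set)
    for name in {n for n, t, _ in records if t in ("A", "CNAME")}:
        for ip in resolve(name, records):
            out[ip].add(name)
    return {ip: sorted(hosts) for ip, hosts in out.items()}


def dangling(records=PASSIVE_DNS):
    """Hostnames whose CNAME chain ends nowhere: the cloud resource they
    pointed at has been torn down, but the DNS name still advertises it."""
    return sorted(n for n, t, _ in records if t == "CNAME" and not resolve(n, records))


def probe_plan(records=PASSIVE_DNS):
    """(ip, hostname) pairs an inventory check must request individually,
    each with its own Host header, instead of one request per IP."""
    return [(ip, h) for ip, hosts in sorted(vhosts_by_ip(records).items()) for h in hosts]
```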