Recent Posts
Archives

AI BEA CTO Cybersecurity DefCon32 Devoxx DevoxxBE2023 DevoxxBE2024 DevoxxFR DevoxxGR2025 DevoxxGreece2025 DevoxxPL2022 DevoxxPoland DevoxxUK2024 DevoxxUS2017 Docker Eclipse EJB GWT Hibernate IntelliJ IDEA Java Jetty JMS Jonathan Lalou JSF Kotlin Kubernetes Maven Maven 2 Microservices Mule Mule ESB Oracle OxidizeConf2024 Python recommendation RustLang Security Spring SQL Tomcat tutorial Weblogic Weblogic 10

Posts Tagged ‘LeakedSecrets’

PostHeaderIcon [DefCon32] Secrets & Shadows: Leveraging Big Data for Vulnerability Discovery

Author: Jonathan Lalou

Vulnerability discovery at scale requires rethinking traditional approaches, and Bill Demirkapi, an independent security researcher, demonstrates how big data uncovers overlooked weaknesses. By leveraging unconventional sources like virus scanning platforms, Bill identifies tens of thousands of vulnerabilities, from forgotten cloud assets to leaked secrets. His talk shifts the paradigm from target-specific analysis to correlating vulnerabilities across diverse datasets, exposing systemic flaws in major organizations.

Scaling Vulnerability Discovery

Bill challenges conventional methods that focus on specific targets, advocating for a data-driven approach. By analyzing DNS records for dangling domains and secret patterns in public repositories, he uncovers misconfigurations like exposed AWS keys. His methodology correlates these findings with organizational assets, revealing vulnerabilities that traditional scans miss. A case study highlights an ignored AWS support case, where a leaked key remained active due to a generic billing email.

Exploiting Forgotten Cloud Assets

Dangling domains, pointing to unclaimed IP addresses, offer attackers entry points to compromise services. Bill’s research identifies these through large-scale DNS analysis, exposing forgotten cloud assets in enterprises. By cross-referencing with cloud provider data, he maps vulnerabilities to specific organizations, demonstrating the devastating impact of seemingly trivial oversights.

Addressing Leaked Secrets

Leaked credentials, such as AWS access keys, pose significant risks when posted publicly. Bill’s use of virus scanning platforms to detect these secrets reveals a gap in provider responses—AWS, unlike Google Cloud or Slack, does not automatically revoke exposed keys. He proposes automated revocation mechanisms and shares a tool to streamline key detection, urging providers to prioritize proactive security.

Industry-Wide Solutions

Bill calls for systemic changes, emphasizing provider responsibility to revoke exposed credentials immediately. His open-source tools and methodology, available for community use, enable researchers to replicate his approach across vulnerability classes. By breaking down traditional discovery methods, Bill’s work fosters a collaborative effort to address ecosystem-wide security gaps.

Links:

Posted in en-US | Tags: , , , , , | No Comments »
(c) 2008 Jonathan Lalou's Blog
All Rights Reserved.

Powered by WordPress and WordPress Theme | Host-euro.