login

Jenko Hwong
.ical

Jenko Hwong is a Principal Security Researcher at Huntress Labs, focusing on identity-based attacks and abuse. Prior to Huntress, he spent 6 years at Netskope Threat Labs, and has over 20 years in engineering and product roles at various security startups in vulnerability scanning, AV/AS, pen-testing/exploits, L3/4 appliances, threat intel, and windows security.

The speaker's profile picture

Session

04-25
14:00
50min
CloudShell Abuse: a CTF, API, and persistent access to CPU/network/storage
Jenko Hwong, Chris Ryan

What started as a Cloud Village CTF at DC33 turned into a private API for CloudShell with persistent access to free compute, networking, and storage. We’ll look at console/non-API/API barriers, automation of a non-API service, IAM obfuscation, logging/monitoring, user lock out, overcoming file/container resets, and backdoors.

Track 1