Security Bsides Las Vegas 2024

Liv Matan

Liv Matan (@terminatorLM) is a Senior Security Researcher at Tenable, where he specializes in application and web security. He previously worked as a Security Researcher at Ermetic and served in the Israeli Intelligence Corps as a Software Developer.

As a bug bounty hunter, Liv has found several vulnerabilities in popular software platforms, such as Azure, Google Cloud, AWS, Facebook and Gitlab, was recognized by Microsoft as a Most Valuable Researcher, and has presented at conferences such as DEF CON Cloud Village and fwd:cloudsec.

Liv studied computer science at the Weizmann Institute of Science, in Israel. In his free time, he boxes, lifts weights and plays Capture the Flag (CTF).


Session

08-06
15:00
20min
My Terrible Roommates: Discovering the FlowFixation Vulnerability & the Risks of Sharing a Cloud Domain
Liv Matan

Could providers have prevented some of the more impactful web vulnerabilities revealed to date? Will they be able to prevent those yet to come? Is there a “secret” guardrail that those who report bugs and triage vulnerabilities simply don’t know of, but should?

In this session, I will unveil a high-severity vulnerability I discovered and dubbed 'FlowFixation'.

The talk will first explore a common cloud provider default configuration that can be likened to a JavaScript execution primitive on a victim's subdomain in on-prem environments. The root issue: you share parent domains with every other cloud customer. I will then introduce a lesser-known guardrail for preventing this risk: the Public Suffix List (PSL). Audiences will learn about my domain management research into the major cloud providers and better understand which of the services' domains were vulnerable to same-site attacks. I will also share case studies of significant cloud vulnerabilities that could have been prevented with this guardrail.
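The following is an added example, not code from the talk or from any cloud provider, showing concretely what a PSL entry changes: with a shared parent domain absent from the PSL, two tenants' hostnames share a registrable domain (they are same-site), and one tenant can set a Domain-scoped cookie that the other tenant's users' browsers will send (cookie tossing); once the parent domain is listed as a public suffix, a PSL-aware browser refuses such cookies and the tenants become cross-site. The PSL subsets and the example-cloud.com host names are constructed for illustration; the matching logic follows the published PSL algorithm (exception rule wins, then the rule with the most labels, else the implicit "*" rule).

```python
# Added example (not from the talk or from any provider's code): how a
# Public Suffix List (PSL) entry changes cookie scoping and same-site
# grouping between tenants that share a parent domain. The PSL subsets and
# all host names below are constructed for illustration.

from typing import Optional

# Constructed PSL subsets in PSL rule syntax (https://publicsuffix.org/list/):
# plain rule, wildcard rule ("*.ck") and exception rule ("!www.ck").
# tenants.example-cloud.com stands in for a hypothetical provider's shared
# parent domain under which each customer gets a subdomain.
PSL_WITHOUT_ENTRY = ["com", "*.ck", "!www.ck"]
PSL_WITH_ENTRY = PSL_WITHOUT_ENTRY + ["tenants.example-cloud.com"]


def _labels(host: str) -> list[str]:
    return host.lower().rstrip(".").split(".")


def public_suffix(host: str, rules: list[str]) -> str:
    """Public suffix of host under the PSL algorithm: an exception rule beats
    all others, then the matching rule with the most labels; with no match
    the implicit rule '*' applies (the last label alone)."""
    labels = _labels(host)
    prevailing: Optional[tuple[bool, int]] = None  # (is_exception, n_labels)
    for rule in rules:
        is_exc = rule.startswith("!")
        rl = rule.lstrip("!").split(".")
        if len(rl) > len(labels):
            continue
        tail = labels[-len(rl):]
        if not all(r == "*" or r == h for r, h in zip(rl, tail)):
            continue
        cand = (is_exc, len(rl))  # tuple order: exception first, then length
        if prevailing is None or cand > prevailing:
            prevailing = cand
    if prevailing is None:
        n = 1
    else:
        is_exc, n = prevailing
        if is_exc:  # exception rule: the suffix is one label shorter
            n -= 1
    return ".".join(labels[-n:])


def registrable_domain(host: str, rules: list[str]) -> Optional[str]:
    """eTLD+1: the public suffix plus one label; None if host is itself a suffix."""
    labels = _labels(host)
    n = len(public_suffix(host, rules).split("."))
    if len(labels) <= n:
        return None
    return ".".join(labels[-(n + 1):])


def same_site(host_a: str, host_b: str, rules: list[str]) -> bool:
    """Hosts are same-site (SameSite cookies, CSRF heuristics) when they share
    a registrable domain. Scheme is ignored in this simplified check."""
    a = registrable_domain(host_a, rules)
    return a is not None and a == registrable_domain(host_b, rules)


def domain_cookie_accepted(host: str, cookie_domain: str, rules: list[str]) -> bool:
    """Would a PSL-aware browser store 'Set-Cookie: ...; Domain=cookie_domain'
    from a response served by host as a domain cookie? Needs a domain-match
    (RFC 6265 s5.1.3) and a Domain that is not itself a public suffix (a
    public-suffix Domain is rejected, or kept host-only when host == Domain,
    so it never spans sibling subdomains either way)."""
    h = host.lower().rstrip(".")
    cd = cookie_domain.lower().lstrip(".").rstrip(".")
    if h != cd and not h.endswith("." + cd):
        return False
    return public_suffix(cd, rules) != cd


def cookie_tossing_possible(attacker_host: str, victim_host: str,
                            cookie_domain: str, rules: list[str]) -> bool:
    """True if attacker_host can set a cookie on cookie_domain that the
    victim's browser would then attach to requests to victim_host."""
    v = victim_host.lower().rstrip(".")
    cd = cookie_domain.lower().lstrip(".").rstrip(".")
    victim_matches = v == cd or v.endswith("." + cd)
    return domain_cookie_accepted(attacker_host, cookie_domain, rules) and victim_matches


if __name__ == "__main__":
    attacker = "evil-tenant.tenants.example-cloud.com"   # constructed
    victim = "victim-app.tenants.example-cloud.com"      # constructed
    shared = "tenants.example-cloud.com"                 # constructed
    for name, rules in (("without PSL entry", PSL_WITHOUT_ENTRY),
                        ("with PSL entry", PSL_WITH_ENTRY)):
        print(f"{name}: same-site={same_site(attacker, victim, rules)}, "
              f"cookie tossing={cookie_tossing_possible(attacker, victim, shared, rules)}")
```

Run as a script, the two lines show the guardrail's effect: before the entry, the tenants are same-site and the attacker's cookie lands on the victim; after it, neither holds. Note that the PSL only helps in clients that consume it (browsers, and libraries that embed a copy), so a provider adding an entry should still treat the shared parent domain as hostile and keep session cookies host-only.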

The next part of the talk will dive deep into the FlowFixation vulnerability, which affected AWS Managed Workflows for Apache Airflow (MWAA) and enabled attackers to hijack a user's session and potentially achieve remote code execution (RCE) on the underlying instances.

Breaking Ground
Florentine A