07-25, 09:20–10:00 (US/Eastern), Room 2/3
Cloud service providers (CSPs) offer immense and ever-growing functionality. While this greatly benefits organizations and their business, it also creates a much broader attack surface than the one traditional application security research deals with.
In this session, we share the methodologies and internally developed strategy we used to successfully uncover multiple critical vulnerabilities and design issues in the core of major CSPs. Covering the whole research process, from choosing a target to exploiting a remote code execution vulnerability on a managed service, we will explain how we found issues that affected thousands of cloud customers and organizations.
We will dive into the bits and bytes of some of our major findings (ChaosDB, OMIGOD, AWS confused deputy vulnerabilities, ExtraReplica and more), explain our mindset and approach, and discuss common pitfalls to avoid when performing a security audit of a target. Attendees should expect to better understand the fundamentals behind real-world cloud security exploits and gain practical tools to enhance their own independent cloud security research.
Sagi Tzadik is a security researcher in the Wiz Research Team. Sagi specializes in research and exploitation of web application vulnerabilities, as well as network security and protocols. He is also a game-hacking and reverse-engineering enthusiast.
Nir Ohfeld is a security researcher from Israel. Nir currently does cloud-related security research at Wiz. Nir specializes in the exploitation of web applications, application security and in finding vulnerabilities in complex high-level systems.