Nelson William Gamazo Sanchez
Nelson William Gamazo Sanchez has worked in the computer security field since 2000 at multiple security-oriented companies, including anti-malware and computer forensics companies. He has developed professionally in multiple areas, as a reverse engineer, vulnerability analyst and vulnerability researcher, threat researcher, and in computer forensics. He is an engineering graduate and has a Master's degree in Teleinformatics.
Nelson William Gamazo Sanchez currently works in Sr. Cloud Security/Threat Research at Trend Micro. He previously worked as Principal Security Researcher at Palo Alto Networks, on Cloud Security, finding and publishing unique discoveries such as Elektra-Leak and P2PInfect. Prior to joining Palo Alto Networks he was a Threat Security Researcher at ZDI Trend Micro, in the Threat Hunting Team, leading the ITW hunting initiative, where he published and presented multiple unique findings.
Speaker at conferences: BSides, VirusBulletin, RSAC, Texas Cyber Summit, fwd:cloudsec.
CVEs discovered and Patent submissions.
Session
Cloud Service Providers (CSPs) have grown, become established, and been widely adopted over time. This growth has had its own ramifications and consequences, and a significant influence on how modern systems are built. However, due to the speed at which these services are released for public use, security practices are often left behind. We will discuss how two aligned bad security practices lead to multiple scenarios where systems dependent on cloud resources can be compromised, ranging from dangling cloud resource takeovers to supply chain attacks. From the perspective of the infamous shared responsibility model of security, bad security practices are not only related to end users but are also associated with CSPs themselves, leading to security implications for both ends.
This talk describes and details how, on the CSP side, the usage of Universal DNS Zones and cloud credentials used in URL parameters turn out to be security nightmares. Universal DNS Zones refer to the design decision of CSPs to use common DNS zones for all customers without any distinction as to who owns the resource. This leads to a set of security issues that can be abused to perform cloud resource hijacking. The case for cloud credentials used in URL parameters focuses on Azure SAS token abuse scenarios. Even though these bad security practices are not a novel discovery, our investigation reveals new, unpublished scenarios covering a wide range of possible attacks.