Clobbering the Cloud

Presented at DEF CON 17 (2009), Aug. 1, 2009, 5 p.m. (50 minutes).

Cloud Computing dominates the headlines these days but like most paradigm changes this introduces new risks and new opportunities for us to consider. Some deep technical research has gone into the underlying technologies (like Virtualization) but to some extent this serves only to muddy the waters when considering the overall threat landscape. During this talk SensePost will attempt to separate fact from fiction while walking through several real-world attacks on "the cloud". The talk will focus both on attacks against the cloud and on using these platforms as attack tools for general Internet mayhem. For purposes of demonstration we will focus most of our demos and attacks against the big players...


Presenters:

  • Haroon Meer - Technical Director, SensePost
    Haroon Meer is the Technical Director of SensePost. He joined SensePost in 2001 and has not slept since his early childhood. He has co-authored several technical books on Information Security and has spoken and trained at conferences around the world (BlackHat, Defcon, DeepSec, MS-Tech-Ed, Recon, etc). He has played in most aspects of IT Security from development to deployment and currently gets his kicks from reverse engineering, application assessments and similar forms of pain.
  • Marco Slaviero - Cyber Fighter, SensePost
    Marco Slaviero is a SensePost Associate and finds long bios amusing.
  • Nicholas Arvanitis - Senior Security Analyst, SensePost
    Nicholas Arvanitis is a senior security analyst. He has spoken and trained throughout South Africa, Europe and the United States, including at prestigious events such as the Black Hat Briefings in the United States and Europe. His area of expertise is in Web application assessment, threat modelling, network security assessments and vulnerability management.

Links:

Similar Presentations: