Knock knock. Identifying Assets in the Cloud

Presented at Kernelcon 2022, April 1, 2022, 1 p.m. (60 minutes).

Identifying and enumerating assets has become incredibly easy thanks to all the tools that have been released in the past few years, but being the first to a new target can be the difference between a P1 and a Duplicate! This talk will cover how we were able to monitor, fingerprint, and catalog cloud assets at a rate of over 200 thousand hosts a second in an attempt to find bounty targets and the bugs within them before anyone else.


Presenters:

  • Ben Sadeghipour / NahamSec as Ben Sadeghipour
    NahamSec currently works as the Head of Hacked Education at HackerOne by day, and a hacker by night. He has helped identify and exploit over 600 security vulnerabilities across 100+ of web and mobile applications for companies such as Yahoo, Google, Airbnb, Snapchat, The US Department of Defense, Yelp, and more. He also cofounded Bug Bounty Forum, a community of 500+ active hackers sharing ideas and their experiences. He also streams live hacking on Twitch, and creates educational content about hacking on YouTube.

Links:

Similar Presentations: