Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale

Presented at Kiwicon 2038AD: The Dystopic Future is Now (2018), Nov. 16, 2018, 5:15 p.m. (30 minutes)

You’ve heard about cloud, big data, server-less infrastructure, web scale, and other buzzwords that cause VCs to throw money at people - but how does this help you? If you’re getting bored going over the same checklist in your pentests then you’re missing out on what some of these new technologies can offer you. Using some of the newer cloud technologies not only can you automate all of your workflows, but you can do so with almost zero maintenance at a low cost with almost infinite scalability! This talk will show you how to blow conventional pentesters out of the water using some cool new technologies along with a little bit of trickery.

Some of the topics we’ll go over include:

* Cheap and scalable rainbow tables with BigQuery, 5TB in 10 seconds
* SQS & Lambda, like Burp Intruder but 10K QPS
* Scalable GPU Clusters on the cheap with Spot Instances and Elastic Beanstalk
* Cloud exit nodes, rotating IPs via Elastic Beanstalk and nano instances
* Cost effective fuzzing with Elastic Beanstalk and Spot Instances

Presenters:

  • moloch & mandatory
    Mandatory - Security Engineer with a passion for web and internet security. Moloch - I like computers.
