Attacking Cloud Services w/ Source Code

Presented at THOTCON 0x4 (2013), April 26, 2013, 2:30 p.m. (25 minutes).

It is a lot of work to ensure that an open source project runs the correctly on all of its supported platforms. Fortunately, there are a growing number of cloud-based services that offer to remove this tedium, and for free! They will download, compile, and *execute* your code and let you know if everything goes as planned. This presentation will explore attack scenarios that could happen if malicious source code is fed into these services and provides perspective, advice and a new tool to help defend them from compromise.

Presenters:

  • Jonathan Claudius
    Jonathan Claudius is a Security Researcher at Trustwave. He is a member of Trustwave's SpiderLabs -the advanced security team focused on penetration testing, incident response, and application security. He has eleven years of experience in the IT industry with the last nine years specializing in Security. At Trustwave, Jonathan works in the SpiderLabs where he focuses on vulnerability research, network exploitation and is the creator of the BNAT-Suite. Before joining SpiderLabs, Jonathan ran Trustwave's Global Security Operations Center.

Similar Presentations: