HITBSecConf2010 – Malaysia » Marco Slaviero (Associate, SensePost)




Presentation Title: Cache on Delivery
Presentation Abstract

Cloud services continue to proliferate and new users continue to flock, in a clear demonstration that cloud computing is more than simply a flash-in-the-pan. Coupled with this rapid evolution of services are protection mechanisms for such services, which often lag behind the state-of-the-art. Last year we highlighted weaknesses in the cloud model and demonstrated a number of vulnerabilities in large cloud providers.

In this talk, we examine a particular technology underlying the scalability of many cloud applications, namely memcached. We discuss memcached mining and alteration, which is a natural exploitation path once a vulnerability inside a cloud application is discovered, and will demonstrate this with a new tool aimed at discovering, mining and overwriting data residing on memcached servers. Results will be demonstrated in the form of compromise of recognisable sites.

We conclude with a discussion about why this is not simply a developer failing and point to emergent insecurities in the cloud model.

About Marco Slaviero

Marco Slaviero is an associate at SensePost. After a number of years hacking networks and (mostly) web applications, he now heads up SensePost Labs. He detests figs.