Presentation Title Cache on Delivery
Presentation Abstract
Cloud services continue to proliferate and new users continue to flock, in a clear demonstration that cloud computing is more than simply a flash-in-the-pan. Coupled with this rapid evolution of services are protection mechanisms for such services, which often lag behind the state-of-the-art. Last year we highlighted weaknesses in the cloud model and demonstrated a number of vulnerabilities in large cloud providers.
In this talk, we examine a particular technology underlying the scalability of many cloud applications, namely memcached. We discuss memcached mining and alteration which is a natural exploitation path once a vulnerability inside a cloud application is discovered and will demonstrate this with a new tool aimed at discovering, mining and overwriting data residing on memcached servers. Results will be demonstrated in the form of compromise of recognisable sites.
We conclude with a discussion about why this is not simply a developer failing and point to emergent insecurities in the cloud model.
About Marco Slaviero
Marco Slaviero is an associate at SensePost. After a number of years hacking networks and (mostly) web applications, he now heads up SensePost Labs. He detests figs.