
Only takes a Spark - Popping a shell on a 1000 nodes

Conference: Defcon 28

2020-08-01

Summary

The speaker discusses their experience finding vulnerabilities and their current project, a tool for reflectively loading assemblies. They also express interest in researching Kubernetes and advise others to focus on niche topics in infosec.
  • The speaker emphasizes the importance of looking for niche topics in infosec and going deep into them until they are understood
  • The speaker discusses their experience finding vulnerabilities, and the frustration of getting stuck in code when the answer could have been found with a simple Google search
  • The speaker talks about their current project: a tool for reflectively loading assemblies, written in Golang and following good development practices
  • The speaker expresses interest in researching Kubernetes and exploring potential vulnerabilities in it
  • The speaker advises those interested in breaking into infosec to give talks, do research, and look for abandoned niche topics
The speaker says it has been exciting, and a privilege, to interact with talented people in cybersecurity and DevOps, particularly those they saw on stage at the conference. They also note the absence of a live Defcon crowd, and so the lack of a round of applause for their successful demo.

Abstract

"Apache Spark is one of the major players, if not the leader, when it comes to distributed computing and processing. Want to use machine learning to build models and uncover fraud, make predictions, estimate future sales or calculate revenue? Whip out a 200-node cluster on Spark and you are good to go. This talk will show you how to get a shell on each one of these nodes! We are talking about systems that, by design, have access to almost every datastore in the company (S3, Cassandra, BigQuery, MySQL, Redshift, etc.). This is game over for most companies. I will also release a tool that will help pentesters pwn Spark clusters, execute code and even bypass authentication (CVE-2020-9480)."
