Conference:  Black Hat Asia 2023
Authors: Roni Gavrilov
2023-05-12

The adoption of Industry 4.0 and IIoT technologies into industrial business operations has brought great operational and economic benefits, but has also introduced new risks and challenges. One of the major risks is the potential for central points of failure (the cloud), which in the industrial remote access scenario can leave many industrial companies reliant on a single IIoT supplier's security level.

IIoT suppliers often provide cloud-based management solutions to remotely manage and operate devices. While some research has been conducted on the security of these IIoT devices' firmware and protocols, there is still much to learn about the unexpected security risks emerging from their cloud-based management platforms.

In our research, we focused on the cloud-based management platforms of three major IIoT gateway suppliers: Sierra Wireless, Teltonika Networks, and InHand Networks. When investigating how they might be exploited by malicious actors, we found that these types of platforms can act as a backdoor for accessing multiple industrial and critical environments at once, bypassing perimeter and defense-in-depth security measures. During the session, we will present three attack vectors that could compromise cloud-managed IIoT devices through their cloud-based management platforms. The discovered vulnerabilities impact thousands of devices in industrial environments, bypassing NAT and traditional security layers. We will provide an in-depth overview of these vulnerabilities and demonstrate several of them, including RCE over the internet that bypasses NAT and reaches the internal network directly, without any preconditions. At the end of the session, we will suggest practical recommendations for asset owners, security architects and IIoT vendors.
Authors: Ken Toler
2023-02-16

tldr - powered by Generative AI

The presentation discusses the importance of threat modeling and testing in web3 organizations and the need for understanding code in web3.
  • Threat modeling is important in web3 organizations and should be done iteratively starting with a contract or cloud infrastructure
  • Writing tests is crucial in web3 organizations
  • Learning to code is important for effective communication with developers in web3 organizations
Authors: Steve Wade
2022-10-25

tldr - powered by Generative AI

The presentation discusses the importance of asset inventory in Kubernetes clusters and highlights the need to stay updated with CVEs and API specifications. It also emphasizes the significance of networking and security in managed providers like EKS, GKE, and AKS.
  • Asset inventory is crucial in Kubernetes clusters to identify running applications and stay updated with CVEs and API specifications.
  • Managed providers like EKS, GKE, and AKS have limits and boundaries that need to be considered, especially in terms of networking and security.
  • Staying ahead of the curve of application developers is important for platform engineers responsible for Kubernetes clusters.
  • Links to official Kubernetes CVE streams are provided for reference.
Authors: Dov Hershkovitch
2022-10-25

DevSecOps extends the DevOps ecosystem with the security aspect. Sensitive information is everywhere, be it passwords, secret tokens or exchanged IDs used to gain access to tools and platforms. The problem has been addressed by many secret management solutions and frameworks, yet this creates another problem: which one to choose, and how to integrate it best into your DevOps processes? Engineers have started to work around the security protocols, and sensitive information is often stored in insecure ways. In the worst-case scenario, a plaintext token can lead to security leaks and business incidents. JSON Web Token (JWT) aims to build the integration bridge as an open standard for exchanging security claims. Join this session to learn how we at GitLab leverage JWT tokens to access different secret management solutions, including those of the major cloud providers. Hear best practices on the challenges of retrieving sensitive data and how to enhance the DevSecOps security processes in your organization.
Authors: Barak Schoster
2021-09-24

tldr - powered by Generative AI

The presentation discusses the importance of infrastructure as code and automation in cloud security and DevOps. It highlights the challenges of manual security reviews and misconfigurations in open source repositories, and proposes solutions such as infrastructure linters and early feedback loops.
  • Infrastructure as code and automation are crucial for cloud security and DevOps
  • Manual security reviews and misconfigurations in open source repositories pose significant risks
  • Infrastructure linters and early feedback loops can help prevent misconfigurations and improve security
  • Collaboration between security and development teams is essential for a scalable and agile security process
Authors: Miguel Calles
2021-09-24

tldr - powered by Generative AI

The presentation discusses the importance of implementing security measures in cloud computing, particularly in serverless technologies, to reduce costs and ensure data privacy.
  • Leverage temporary credentials and short-lived policies to mitigate risks
  • Monitor AWS service outages and failures to prevent data loss
  • Implement multi-region and multi-cloud designs to ensure application availability
  • Use local storage and session storage to store data in case of API call failures
  • Perform cost engineering to optimize application costs and reduce total cost to collect for toll operators
  • Implement proper cloud security principles to ensure data privacy and security
  • Resources for learning about serverless and serverless security include blogs, books, and cloud provider documentation