How we hacked distributed configuration management systems

Authors: Francis Alexander and Bharadwaj Machiraju

The talk deals with how the researchers came across and exploited different configuration management systems during their pentests. The speakers will introduce different distributed configuration management tools, such as Apache ZooKeeper, HashiCorp Consul and Serf, and CoreOS Etcd; discuss multiple ways to fingerprint these systems; and show how generic misconfigurations can be exploited to increase the attack surface.

Francis Alexander
An information security researcher and the author of NoSQL Exploitation Framework. Interested in web app and stand-alone app security, DBMS security, coding tools and fuzzing. Spoke at HITB AMS, Hack in Paris, 44CON, DerbyCon, Defcon.

Bharadwaj Machiraju
The project leader for OWASP OWTF. He is mostly found either building a web app sec tool or hunting bugs for fame. Spoke at such conferences as Nullcon, Troopers, BruCON, PyCon. Apart from information security, he is interested in sleeping, mnemonic techniques, and machine learning.

