How we hacked distributed configuration management systems

Want to visit   +58

Authors: Francis Alexander and Bharadwaj Machiraju

The talk deals with how the researchers came across and exploited different configuration management systems during their pentests. The speakers will introduce different distributed configuration management tools, like Apache ZooKeeper, HashiCorp Consul and Serf, CoreOS Etcd; discuss multiple ways to fingerprinting these systems, and exploit generic misconfigurations for increasing attack surface.

  • Language
  • English

Francis Alexander
An information security researcher and the author of NoSQL Exploitation Framework. Interested in web app and stand-alone app security, DBMS security, coding tools and fuzzing. Spoke at HITB AMS, Hack in Paris, 44CON, DerbyCon, Defcon.

Bharadwaj Machiraju
The project leader for OWASP OWTF. He is mostly found either building a web app sec tool or hunting bugs for fame. Spoke at such conferences as Nullcon, Troopers, BruCON, PyCon. Apart from information security, he is interested in sleeping, mnemonic techniques, and machine learning.

Francis Alexander and Bharadwaj Machiraju Francis Alexander and Bharadwaj Machiraju

Back to the list