Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help #...

16
@shambanIT Everyone is hackable How long will it take you to nice? Shira Shamban @shambanIT

Transcript of Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help #...

Page 1: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT

Everyone is hackableHow long will it take you to notice?

Shira Shamban @shambanIT

Page 2: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT https://www.researchgate.net/figure/Traditional-Data-Center-Network-Architecture_fig2_260671144

https://www.researchgate.net/figure/Traditional-Data-Center-Network-Architecture_fig2_260671144
Page 3: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT

Page 4: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT

Prevention doesn’t work anymore!

Page 5: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT

Cloud created for us a new perimeterAnd so many new buzzwords

Page 6: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT

The shared responsibility model

https://aws.amazon.com/compliance/shared-responsibility-model/

https://aws.amazon.com/compliance/shared-responsibility-model/
Page 7: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT

IAM (identity and access management)

Service to manage users and permissions.

Lets people, machines and 3rd parties do stuff...

Page 8: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT

Different storage services

S3, RDS, EBS, AMI, ElasticSearch

Page 9: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT

Compute power

Denial of wallet, proxy attacks, cryptomining

Page 10: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT

Capital One hack

What do we know?

Page 11: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT

● PII of more than 100M people● About 30 other victims● Crypto-mining too...

The damage:

Page 12: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT

Scanner (?) SSRFMeta-Data

service

Get token

List and sync S3

Install miners

(?)

Page 13: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT

● Know your roles● Least privilege principle● Monitor who’s running commands, and where

from

Could this have been prevented?

Page 14: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT

Page 15: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT

https://docs.google.com/file/d/1waTswzwS9lGXIHZ9fDd3WeROHgdM07Ow/preview
Page 16: Shira Shamban @shambanIT - ShareIT · root@kali: —Documents File Edit View Search Terminal Help # echo "Code' LastUpdated " —Documents Success' " Type " igydQXCas94CaBkBkpn rHmRETODogfgCOaR1xE19"

@shambanIT

Thank you!Shira Shamban

@shambanIT


WEARRINGS SLYDRING - Super Sealshamban/slydring.pdfSlydringR 5 Busak+Shamban Table I Selection Criteria for SlydringR Slydring Application Standard1) Installation Material Type Page

WEARRINGS SLYDRING - Super Sealshamban/slydring.pdfSlydringR 5 Busak+Shamban Table I Selection Criteria for SlydringR Slydring Application Standard1) Installation Material Type Page

Shareit! June 2009

Shareit! June 2009

ZURCONR L-CUP - may-isc.co.il · 81 Busak+Shamban ZURCONR L-CUP-SingleActing --InnovativeDesignbasedonU-Cup --LowFrictionProperties --Material--Polyurethane -

ZURCONR L-CUP - may-isc.co.il · 81 Busak+Shamban ZURCONR L-CUP-SingleActing --InnovativeDesignbasedonU-Cup --LowFrictionProperties --Material--Polyurethane -

Church Army Shareit 31 Summer 2010

Church Army Shareit 31 Summer 2010

Adult Trials Open to Accrualcancer.ucsf.edu/_docs/trials/current_trials.pdf · UCSF Helen Diller Family Comprehensive Cancer Center Adult Interventional Trials June 2018 lastupdated%6/5/2018

Adult Trials Open to Accrualcancer.ucsf.edu/_docs/trials/current_trials.pdf · UCSF Helen Diller Family Comprehensive Cancer Center Adult Interventional Trials June 2018 lastupdated%6/5/2018

Ava Teresa Shamban, M.D. · Ava Shamban, MD, “ ombination Hand Rejuvenation Procedures,” Aesthetic Surgery Journal , 29(5):409-413, September/October 2009. Ava T. Shamban, MD,

Ava Teresa Shamban, M.D. · Ava Shamban, MD, “ ombination Hand Rejuvenation Procedures,” Aesthetic Surgery Journal , 29(5):409-413, September/October 2009. Ava T. Shamban, MD,

Browser Tips for Best Performance in SHAREitBrowser Tips for Best Performance in SHAREit Internet Explorer Note: IE 8 and IE 9 are not recommended for use with SHAREit. If SHAREit

Browser Tips for Best Performance in SHAREitBrowser Tips for Best Performance in SHAREit Internet Explorer Note: IE 8 and IE 9 are not recommended for use with SHAREit. If SHAREit

Supporting peer collaboration in the ... - The ShareIT Project

Supporting peer collaboration in the ... - The ShareIT Project

Intermediate SHAREit Access PA Catalog and ILL system...After completing this training, you will be able to : • Load your library’s records into SHAREit(initial and subsequent

Intermediate SHAREit Access PA Catalog and ILL system...After completing this training, you will be able to : • Load your library’s records into SHAREit(initial and subsequent

Shareit! 38

Shareit! 38

Aerospace sealing systemsallsealsinc.com/busakpdfs/aerospace_gb.pdf · Aerospace Engineering Guide 3 Edition April 2004 Busak+ Shamban Sealing System Examples Typical Hydraulic Equipment

Aerospace sealing systemsallsealsinc.com/busakpdfs/aerospace_gb.pdf · Aerospace Engineering Guide 3 Edition April 2004 Busak+ Shamban Sealing System Examples Typical Hydraulic Equipment

LastUpdated’4/22/15 ...wrightgrad.edu/Data/files/Required Readings- All Programs 042215.pdf · WRIGHT’GRADUATE’UNIVERSITY REQUIRED’READINGS LastUpdated’4/22/15 2 AC42 Tillich,’Paul.’The’Courage’to’Be.’1952

LastUpdated’4/22/15 ...wrightgrad.edu/Data/files/Required Readings- All Programs 042215.pdf · WRIGHT’GRADUATE’UNIVERSITY REQUIRED’READINGS LastUpdated’4/22/15 2 AC42 Tillich,’Paul.’The’Courage’to’Be.’1952

Busak+Shamban in the groove...Busak+Shamban 01/2006 in thegroove The world of seals and service Chemical, Pharmaceutical, Food and Beverages Sealing for a green alternative Making

Busak+Shamban in the groove...Busak+Shamban 01/2006 in thegroove The world of seals and service Chemical, Pharmaceutical, Food and Beverages Sealing for a green alternative Making

CommonCore% % Mathematics% Grade7%SCUSD%Curriculum%Map%/%LastUpdated%8/5/2014% % Grade%7%Mathematics% 2% Table*of*Contents* 7th%Grade%Year/at/a/Glance%..... .....%3%

CommonCore% % Mathematics% Grade7%SCUSD%Curriculum%Map%/%LastUpdated%8/5/2014% % Grade%7%Mathematics% 2% Table*of*Contents* 7th%Grade%Year/at/a/Glance%..... .....%3%

Linear Seals - Super Sealsuperseal.hu/al/catalogs/busak+shamban/rodseals.pdf · Linear Seals 1 Busak+Shamban Contents Part I ... POLYPACR - Veepac ... Balsele 63 Hydraulic cylinder

Linear Seals - Super Sealsuperseal.hu/al/catalogs/busak+shamban/rodseals.pdf · Linear Seals 1 Busak+Shamban Contents Part I ... POLYPACR - Veepac ... Balsele 63 Hydraulic cylinder

Prospects Configuration Guide for ResearchPoint · 2016-08-05 · ProspectsConfiguration LastUpdated: 08/05/2016forResearchPoint4.91 Contents ProspectsConfiguration 2 CapacityFormulaManagement

Prospects Configuration Guide for ResearchPoint · 2016-08-05 · ProspectsConfiguration LastUpdated: 08/05/2016forResearchPoint4.91 Contents ProspectsConfiguration 2 CapacityFormulaManagement

Turcon® Rotary Shaft Seals · Turcon ® Rotary Shaft Seals Busak+Shamban Edition November 2004 Busak+Shamban forms part of Trelleborg Sealing Solutions, a business area within Trelleborg

Turcon® Rotary Shaft Seals · Turcon ® Rotary Shaft Seals Busak+Shamban Edition November 2004 Busak+Shamban forms part of Trelleborg Sealing Solutions, a business area within Trelleborg

SHAREit Tutorials Closed - UPC Universitat Politècnica de ...

SHAREit Tutorials Closed - UPC Universitat Politècnica de ...

Busak+Shamban Turcon® Rotary Shaft Seals

Busak+Shamban Turcon® Rotary Shaft Seals

SHAREit Top 10 - powerlibrary.org · 4/11/2018 2 Top 10 Things YOUNeed to Know About SHAREit 1. How long does it take before our uploaded file appears in SHAREit? 2. What does SHAREit

SHAREit Top 10 - powerlibrary.org · 4/11/2018 2 Top 10 Things YOUNeed to Know About SHAREit 1. How long does it take before our uploaded file appears in SHAREit? 2. What does SHAREit