Webcast: Open Source Exploits in the Cloud’s Big Data Services – Cloud TradeCraft


Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_OpenSourceExploitsinCloudsBigDataServices.pdf

4:18 Problem statement and exploitation timeline
8:28 MapReduce and Hadoop overview, overview of open-source software based on Hadoop architecture and their vulnerabilities
14:15 Live demonstration of standing up a stack in EMR, terminology, auto-scaling risks, proper security postures for any new cloud
23:50 Other security resources available to you including EyeWitness, GoWitness, and Webshot
28:43 Continuation of the live demo
33:58 Step by step recreation of the live demonstration with questions answered
43:11 How to combat vulnerabilities in new technologies and stay ahead of the curve, NCC Group’s scout
52:16 Q&A and Closing Thoughts

This webcast was originally recorded live on September 26th, 2019 with John Strand and Jordan Drysdale.

Let’s move our ops to the cloud they said. It will be easy, fun, and “secure.”

Everything is safe, right? The Cloud is certified for every compliance ever drafted. It must be safe. So what happens when windows get left open on your cloud? How about doors with old rusty locks?

This webcast covers a disclosure first made to AWS support in December of 2018. The conversation was quiet for a while. BHIS re-submitted the disclosure and worked with AWS Security Operations for the next few months to share a finding/vulnerability/exposure, whathaveyou.

Sadly, the nature of the exposure has left many doors open. Those doors lead to virtual private clouds across the globe.

This is one of the scarier webcasts we’ve been a part of, and for that, we’d like to say we shared everything we could, including a blog write-up that explains in all the gory detail how risky Hue / Hadoop / Spark and the Apache big data clusters can be to an organization. It was originally drafted as “Breaking the Internet” – but this was toned down a bit to “Securing the Cloud.”


On the webcast, we talk a bit about the nature of open source solutions and the risks they present. We talk a bit about the cloud and the risks it presents. A lot of AWS-specific service language is used and hopefully explained in a meaningful way. And, we offer up the Shodan query that identifies the possibly open doors. Oh, we go ahead and demo the nature of the exposure as well (shells).

Also, this webcast serves as a starting point for anyone looking to research cloud security issues.
