This chapter event will welcome Rener Alberto, Senior Pentester at ABB, and Pawel Kusiński, Senior IT Security Consultant at Securing.
Session 1: Rener Alberto’s session will cover the Pentest Automation Approach. Enumeration is a very important part of pentesting. Some tools can help with the identification of products, versions, vulnerabilities and possible exploits.
This presentation will cover some tools and the methodology that will help you understand and start your automation process.
Session 2: Pawel Kusiński’s session will be all about Risks in Serverless Technologies. Serverless computing is not only a popular option in cloud environments, but also a suggested method for creating a lot of things! Did you ever think about how it works under the hood? Is serverless really server-less? How does the execution environment work? Is persistence even possible in this event-driven compute service? I won’t be lying – Remote Code Executions are rare, but what if there is one in your function? I will show how to use it to acquire persistence and exfiltrate more data than the function role gives.
– How the infrastructure in serverless works.
– Why persistence is possible in this semi-volatile environment.
– How to research a serverless environment using a pseudo shell over HTTP.
– How can we make use of an RCE vulnerability to obtain persistence – exploitation demo will be shown!
– Possible mitigations.