Activity
-
We keep talking about various attacks on #Kubernetes infrastructure, but the systematization of initial access vectors often gets lost in the noise…
We keep talking about various attacks on #Kubernetes infrastructure, but the systematization of initial access vectors often gets lost in the noise…
Liked by Kat Traxler
-
I’ve got this Ted Talk on cloud configuration obsession I need to get out, the eve of a holiday weekend seems like the perfect time……
I’ve got this Ted Talk on cloud configuration obsession I need to get out, the eve of a holiday weekend seems like the perfect time……
Liked by Kat Traxler
-
Dr. Nestori Syynimaa is showcasing token based authentication attacks, breaking down what to steal from the user's endpoint.
Dr. Nestori Syynimaa is showcasing token based authentication attacks, breaking down what to steal from the user's endpoint.
Liked by Kat Traxler
Publications
-
Attacks as a Service with The DeRF
DEF CON Cloud Village
See publicationAbstract:
Introducing the DeRF (Detection Replay Framework), a tool which hosts attack techniques and supports the invocation of those attacks across cloud environments. What sets DeRF apart from other cloud attack tools?
- User-Friendly Interface: Since the DeRF is hosted in Google Cloud, End Users can invoke attacks through the cloud console UI without the need to install software or use the CLI.
- Accessibility for Non-Security Professionals: The DeRF caters to a broad…Abstract:
Introducing the DeRF (Detection Replay Framework), a tool which hosts attack techniques and supports the invocation of those attacks across cloud environments. What sets DeRF apart from other cloud attack tools?
- User-Friendly Interface: Since the DeRF is hosted in Google Cloud, End Users can invoke attacks through the cloud console UI without the need to install software or use the CLI.
- Accessibility for Non-Security Professionals: The DeRF caters to a broad audience of End Users, including Engineering, Sales, Support Staff or automated processes.
- Robust OpSec: Long-Lived Credentials are not passed between operators, instead access to the DeRF and its attack techniques are controlled through GCP IAM Role-Based Access Control (RBAC)
- Extensibility at its Core: Attack sequences are written in YAML, enabling easy configuration of new techniques.
- Turn-Key deployment: Deploying (and destroying!) the DeRF is a fully automated process, completed in under 3 minutes.
During this demo, we will guide you through the straightforward and automated deployment process for the DeRF. We'll demonstrate how to invoke pre-configured attack techniques and illustrate how you can customize the framework to align with your internal attacker profile. By deploying the DeRF within your organization you can easily spin up attacker simulations, to augment training or automate the testing of detection capabilities. -
GCP Primitive Roles, An indictment
fwd:Cloudsec
See publicationBefore Google Cloud released Cloud IAM there was only Primitive Roles. Prior to 2016, the course-grained Roles, Owner, Editor and Viewer were the only mechanisms available to grant access to GCP resources.
Primitive Roles are the antithesis to least privilege but more specifically, they’re mere existence significantly impacts the security posture of a GCP Project. Four years after the release of Cloud IAM, despite the availability of fine-grained Roles, Primitive Roles are still…Before Google Cloud released Cloud IAM there was only Primitive Roles. Prior to 2016, the course-grained Roles, Owner, Editor and Viewer were the only mechanisms available to grant access to GCP resources.
Primitive Roles are the antithesis to least privilege but more specifically, they’re mere existence significantly impacts the security posture of a GCP Project. Four years after the release of Cloud IAM, despite the availability of fine-grained Roles, Primitive Roles are still pervasive in GCP. Is it possible to eradicate Primitive Roles from your GCP Organization and still use the Platform? -
GCP Privileged Escalation - A Transitive Path
See publicationOverview
The power of Impersonation is a deeply rooted concept in GCP and GKE. The ability for one member to Impersonate another is a foundational capability; it will and should be leveraged as your cloud maturity grows. But how does your Organization securely enable Impersonation without leaving behind a 'Happy Path' for Attackers?
In this talk I will show you how an attacker could abuse permissions with Transitive properties to escalate their permissions in GCP starting from initial…Overview
The power of Impersonation is a deeply rooted concept in GCP and GKE. The ability for one member to Impersonate another is a foundational capability; it will and should be leveraged as your cloud maturity grows. But how does your Organization securely enable Impersonation without leaving behind a 'Happy Path' for Attackers?
In this talk I will show you how an attacker could abuse permissions with Transitive properties to escalate their permissions in GCP starting from initial compromise to Project Admin. I'll also talk about some 'Red Flag' permissions fueling privilege escalation and how to securely handle when there is a use case for them. -
The Cloud Attack Surface - Laughing at the OSI Model
BSidesMSP 2019
See publicationSecurity Professionals are comfortable reasoning about the security posture of systems within the framework of the OSI model. We classify attacks as network based or application based each with their own set of understood preconditions or rules.
Enter 'The Cloud' or I as like to think about it, platforms in other peoples datacenters. The Cloud API Platforms are used by a new bread of operations teams to define network or application systems in code. Its on the Cloud API Platform that…Security Professionals are comfortable reasoning about the security posture of systems within the framework of the OSI model. We classify attacks as network based or application based each with their own set of understood preconditions or rules.
Enter 'The Cloud' or I as like to think about it, platforms in other peoples datacenters. The Cloud API Platforms are used by a new bread of operations teams to define network or application systems in code. Its on the Cloud API Platform that a new attack surface has opened and it plays by none of the old rules. -
JAVASCRYPTO: HOW WE ARE USING BROWSERS AS CRYPTOGRAPHIC ENGINES
Cyphercon 2.0
See publicationIn order to achieve end-to-end encryption, build zero-knowledge systems, and provide users with the convenience they are accustomed to, Web 2.0 is pushing cryptography to your browser. From secure e-mail to credit card transactions, our security is increasingly dependent on the integrity of client side javascript. The opportunities for exploit are many but with every new vulnerability has come a potential mitigation, all in an attempt to strong arm these sensitive operations into the browser…
In order to achieve end-to-end encryption, build zero-knowledge systems, and provide users with the convenience they are accustomed to, Web 2.0 is pushing cryptography to your browser. From secure e-mail to credit card transactions, our security is increasingly dependent on the integrity of client side javascript. The opportunities for exploit are many but with every new vulnerability has come a potential mitigation, all in an attempt to strong arm these sensitive operations into the browser, limit an applications liability, and keep us users happy. In my presentation, we will look at the fundamental nature of javascript, web browsers, and conclude what level of protection, in the best of circumstances, JavasCrypto affords the end user.
Projects
-
Crypto2020JS – Encryption for Future Governments
-
See project"TLA Compliance And You"
A JavaScript crypto library for future government.
Crypto2020JS provides for the implementation of the Stanford JavaScript Cryptographic Library while maintaining compliance with most Three-Letter Agencies (TLAs).
All sources of entropy derived from either a password or real time events will be overwritten by a fresh set of null values resulting in null keys,
salt and a consistent, static IV used in all modes of encryption.
Honors & Awards
-
Inaugural infallible Twister game in DEFCON history
Matt Edmondson
Part of a three way tie for first place in the inaugural game of inflatable Twister ever played in DEFCON history.
Organizations
-
ISACA-MN
-
- Present -
ISSA-MN
-
- Present -
OWASP - MSP
-
- Present
More activity by Kat
-
✨ My top 5 tips to survive re:Invent week ✨ 1. Bring Chapstick. Save your lips. This is the Mohave desert. 2. Bring a refillable water bottle and…
✨ My top 5 tips to survive re:Invent week ✨ 1. Bring Chapstick. Save your lips. This is the Mohave desert. 2. Bring a refillable water bottle and…
Liked by Kat Traxler
-
Day 1 and 2 at Black Hat MEA were nothing sort of amazing! As the event gears up for its final day, don’t miss your chance to: ✨ Connect with our…
Day 1 and 2 at Black Hat MEA were nothing sort of amazing! As the event gears up for its final day, don’t miss your chance to: ✨ Connect with our…
Liked by Kat Traxler
-
For those who didn't get a chance to see in person, my Defcon Cloud Village talk is out! Come take a look if you're interested in breaking and…
For those who didn't get a chance to see in person, my Defcon Cloud Village talk is out! Come take a look if you're interested in breaking and…
Liked by Kat Traxler
-
Imagine turning a cloud security tool into a weapon - Viktor Gazdag is currently revealing how Azure Policy, which organizations typically use to…
Imagine turning a cloud security tool into a weapon - Viktor Gazdag is currently revealing how Azure Policy, which organizations typically use to…
Liked by Kat Traxler
-
I’ve got this Ted Talk on cloud configuration obsession I need to get out, the eve of a holiday weekend seems like the perfect time……
I’ve got this Ted Talk on cloud configuration obsession I need to get out, the eve of a holiday weekend seems like the perfect time……
Shared by Kat Traxler
Other similar profiles
Explore more posts
-
Sherri Davidoff
Collaboration between IT staff & management is one of the most important parts of building and maintaining a strong #cybersecurity posture, but LMG Security often discovers gaps in this area when working with clients. Read Madison Iler's blog for advice: https://lnkd.in/gUS7k4K4
1 Comment -
Chuck Harold
Episode 3050 - Jason (Jay) Mar-Tang, CISSP, CCSP of Pentera discusses how ransomware continues to plague organizations. Pentera's RansomwareReady provides a unique offering, enabling organizations to proactively test their defenses against the threat of ransomware on-demand. Pentera just announced a major update to expand the capabilities of the product. RansomwareReady can now test against the Lockbit 3.0 campaign as well as test against the impact of ransomware campaigns like Lockbit 3.0 within vulnerable Linux environments https://lnkd.in/gBXBHmH9 #bhusa #bhusa2024 #blackhat #blackhatusa #blackhatusa2024 #pentera #cybersecurity #pentesting
1 Comment -
Teri Radichel 🩵
I wrote about the various rule combinations I’ve been testing in this post to block known bad and reduce load on the firewall. ~~ Are Your pfSense Filters Really Working? ~~ Too many rules and logs (?) makes them randomly fail ~~ To spot this you need to be monitoring your logs. I have been testing various combinations of rules and noticed this issue in certain scenarios. https://lnkd.in/eknrE6zG
-
Kenneth Goldberg
Like A Good Neighbor, Huntress Is There Huntress has recently been authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA). The Program is an international and community driven-effort with a mission to "identify, define, and catalog publicly disclosed cybersecurity vulnerabilities". The essentially all knowing directory relies on established cybersecurity experts to spot and name security threats in order to centralize the knowledge and establish a single source of truth for vulnerabilities. Huntress's participation means they are contributing to a global database helping everyone, not just clients, to build better protection for systems worldwide against attacks. #cyberresiliency #huntress #cna #stayvigliant #msp
-
Alexandre BLANC Cyber Security
Basics and common sense ? Nope, not present in the room "Rockwell Automation warns admins to take ICS devices offline" Had to state the obvious, obviously. connected=hacked Reduce your attack surface, don't add even more low hanging fruits ! #cybersecurity #ICS #IIOT #iot https://lnkd.in/eJ3PSUWU
2 Comments -
Shawn May
Erich Kron - I have immense respect for @KnowBe4's honest and open approach regarding their recent hiring incident involving a North Korean cyber threat. This situation offers a crucial lesson for all businesses—whether small, medium, or large—that depend on remote talent for their workforce. As they highlighted, their endpoint protection successfully detected and contained the breach early, showing the importance of identity proofing as a key process for preventing such incidents. Together, these measures are incredibly powerful in helping businesses protect themselves from cybercriminals. 🔒👨💻 #CyberSecurity #RemoteWork #DataProtection #ThreatDetection #BusinessSecurity
1 Comment -
Antonio Ieranò
Join the Proofpoint team this Wednesday at the Evanta, a Gartner Company #Minneapolis #CISO Executive Summit! We'll be hosting a boardroom session at 1:35PM on "Organizational Risk Mitigation — Protecting Humans from Themselves". Be sure to join the discussion where we'll chat about developing a human risk framework, moving human-centric security controls from reactive and manual to proactive and automated, and leveraging AI to protect humans from themselves.
-
Bettina H.
What are your biggest challenges in vulnerability management? How do you prioritize and address them? Stay ahead of cyber threats with Skybox Vulnerability Managementl! Our solution helps you discover, prioritize, and remediate vulnerabilities across your entire attack surface. By integrating with existing security tools, Skybox provides comprehensive visibility and actionable intelligence for proactive risk management. Discover more: https://lnkd.in/gXtF2dFk #Vulnerabilitymangement #Riskreduction #informationsecurity #Ciso
-
Mike Shema
I went on a theme of parsing and protocols this week -- talking about the consequences when a design is under-specified and even when it specifically reminds implementers to take certain actions. John Kinsella brought up a Safe C++ proposal, which gave us a chance to talk about C++ vs. Rust, learning curves, and how horrible C++ template errors can be to debug. We also talked about an #appsec angle for WordPress that involves an insecure plugin (not at all surprising) and an insincere security effort (both surprising and worrying). Show notes at https://lnkd.in/gHd-Xekb https://lnkd.in/gJTDK5EB
-
Jason Lewis
We're thrilled to announce a groundbreaking feature at Fleet that transforms how security teams collaborate with their users when devices fall out of compliance with security policies. Instead of disruptive browser reminders that interrupt important workflows and force users into context switching, Fleet takes a smarter approach. Our new feature automatically detects free time in your end-users' calendars and sets up maintenance windows without any hassles. What's more, Fleet enhances transparency by including AI-generated explanations within these calendar events. These explanations detail why updates are essential and what changes to expect, clarifying the update process and building trust between admins and end-users. We're excited about making security endpoint management smoother and more user-friendly! Come check it out! :) #easeofuse #security #maintenancewindows
2 Comments -
Rohit Agnihotri
Identity Deception in ITDR - Yes this is the old Honey Pots concepts There is another interesting concepts in ITDR called as Identity Deception, it is conceptually similar to honeypots used in networking. Both involve creating decoy elements designed to attract and engage potential attackers Honey Accounts: These are fake user accounts created within identity stores (like Active Directory) that are designed to attract attackers. When an unauthorized user attempts to access these accounts, it triggers alerts and allows security teams to respond quickly. Honeytokens: These are deceptive credential profiles placed in identity caches on endpoints. They serve as early warning signals when accessed by unauthorized users, helping to identify potential breaches before they escalate These identities should be known to your ITDR systems though, this is not a way of checking which ITDR tool is more effective. https://lnkd.in/e7ckJxGQ #TheIdentityNavigator #iam #ITDR #IdentityAndAccessManagement
2 Comments -
Wade Baker, Ph.D.
TOMORROW, representatives from the Cybersecurity and Infrastructure Security Agency and Cyentia Institute will take you on a tour through a decade of data analyzing #ransomware trends. This is not your typical "ransomware is really bad cuz [insert anecdote]" event. We'll measure how bad it actually is now vs then with rigorously modeled frequency and loss estimates your organization can use to better manage this risk. Drop any questions/comments about this research here, and we'll do our best to get to them! Register here: https://lnkd.in/eiucDxcD #cyberrisk #cyberattacks #cyberresilience #cybersecurity #infosec
3 Comments
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore MoreOthers named Kat Traxler
1 other named Kat Traxler is on LinkedIn
See others named Kat Traxler