Hackers of India

How we hacked distributed configuration management systems

By Bharadwaj Machiraju , Francis Alexander on 23 May 2017 @ Phdays
📊 Presentation 🔗 Link
#red-teaming #fingerprinting #configuration-management
Focus Areas: 🔒 Data Privacy & Protection , 🎯 Penetration Testing , 🔍 Vulnerability Management

Presentation Material

Как мы взломали распределенные системы конфигурационного управления from Positive Hack Days

Abstract

The talk deals with how the researchers came across and exploited different configuration management systems during their pentests. The speakers will introduce different distributed configuration management tools, like Apache ZooKeeper, HashiCorp Consul and Serf, CoreOS Etcd; discuss multiple ways to fingerprinting these systems, and exploit generic misconfigurations for increasing attack surface.

video removed