BACK TO SPEAKERS
Michael has presented at various industry events and meetups including DEF CON, Black Hat Asia, Thotcon, Rootcon and Hack in the Box. Michael is also actively involved in the local security community in Australia where he is one of organizers of the monthly SecTalks meetup as well as the hacker camp TuskCon.
Catch Me If You Can: Exploring the Impact of Ephemeral Vulnerabilities
Technical Level (3 being the highest score): 2
As companies have shifted to a cloud-first architecture and adopted continuous deployment and DevOps practices the exposed attack surfaces of these organisations have become more fluid and evolve rapidly.
This pace has exposed new types of vulnerabilities and security issues that are ephemeral in nature but often have critical security impact. This presentation will explore our research into ephemeral vulnerabilities and our experience applying this to real world environments through bug bounties.
Specifically we will detail how ephemeral vulnerabilities are introduced and explore methods and techniques to find ephemeral vulnerabilities with detailed examples of critical ephemeral issues found when applying our research to bug bounty programs. We will also present strategies and techniques that organisations can apply to prevent these issues.
Presentation video can be found HERE
Michael Gianarakis
Assetnote
Michael Gianarakis is the co-founder and CEO of Assetnote, a platform for continuous monitoring of your external attack surface.Michael has presented at various industry events and meetups including DEF CON, Black Hat Asia, Thotcon, Rootcon and Hack in the Box. Michael is also actively involved in the local security community in Australia where he is one of organizers of the monthly SecTalks meetup as well as the hacker camp TuskCon.
Catch Me If You Can: Exploring the Impact of Ephemeral Vulnerabilities
Technical Level (3 being the highest score): 2
As companies have shifted to a cloud-first architecture and adopted continuous deployment and DevOps practices the exposed attack surfaces of these organisations have become more fluid and evolve rapidly.
This pace has exposed new types of vulnerabilities and security issues that are ephemeral in nature but often have critical security impact. This presentation will explore our research into ephemeral vulnerabilities and our experience applying this to real world environments through bug bounties.
Specifically we will detail how ephemeral vulnerabilities are introduced and explore methods and techniques to find ephemeral vulnerabilities with detailed examples of critical ephemeral issues found when applying our research to bug bounty programs. We will also present strategies and techniques that organisations can apply to prevent these issues.
Presentation video can be found HERE