Explore the results of comprehensive IPv4 scans revealing the extent of exposed data and vulnerabilities in popular databases and key value stores. Delve into the security risks associated with Redis, MongoDB, Elasticsearch, Memcached, Cassandra, and more. Discover the types of sensitive information accessible due to insecure configurations, from data theft to remote code execution. Examine real-world examples of exposed data, including cloud storage systems and fake ransomware. Learn about the evolving landscape of database security, default configurations, and improvements in protected modes. Gain insights into best practices for security hygiene and access valuable resources to enhance your understanding of database vulnerabilities and protection measures.
Scanning IPv4 for Exposed Data and Vulnerable Databases
Overview
Syllabus
Introduction
About me
Projects
Agenda
How many people have ever made a web app
Two ways to store data
What should you use
The problem
Sensitive data is exposed
What kind of data is exposed
Shoten and Binary Edge
Exposed Data
Memcache
Redis
Demo
Sensitive Information
SemiSensitive Information
Free Space
Cloud Storage
Systems
Systems Available
Elastic Search Vulnerability
Elastic Honey
Fake Ransomware
Memcached Vulnerability
The Landscape
Default Configurations
Things are getting better
Protected mode
Security hygiene
Resources
Taught by
LASCON
