Explore the vulnerabilities of cloud-based DDoS protection services in this 24-minute Black Hat USA 2013 conference talk by Allison Nixon. Discover fundamental flaws in these services, initially uncovered while investigating malicious websites shielded by Cloudflare. Learn about a new tool called "No Cloud Allowed" that exploits cloud security bypass methods to unmask websites protected by DDoS mitigation. Gain insights into various unmasking techniques and acquire an arsenal of tools to audit your cloud-based DDoS or WAF protection. Understand the implications of these vulnerabilities for a range of cloud-based anti-DDoS and WAF providers, equipping yourself with knowledge to enhance your organization's security posture.
Overview
Syllabus
Black Hat USA 2013 - Denying service to DDOS protection services
Taught by
Black Hat