Overview
Explore advanced post-exploitation techniques leveraging cloud synchronization services in this 57-minute Black Hat USA 2013 conference talk. Delve into the security risks posed by popular cloud backup solutions like Dropbox, which can be installed without administrative privileges. Learn about the improved DropSmack v2 tool and its operational deployment in various synchronization environments. Examine countermeasures against these attacks, including third-party file encryption and next-generation firewalls. Investigate credential storage vulnerabilities in cloud synchronization applications and discover post-exploitation activities possible on compromised systems running these products. Gain insights into stealing stored credentials and exploiting cloud synchronization service portals for malicious purposes. Whether you're a network defender seeking to understand the risks or a penetration tester expanding your toolkit, this talk provides valuable knowledge on the security implications of cloud synchronization services in corporate environments.
Syllabus
Black Hat USA 2013 - Post Exploitation Operations with Cloud Synchronization Services
Taught by
Black Hat