When:

October 25-26, 2024

Where:

Portland State University
Portland, OR

BSides Portland’s mission is to cultivate the Pacific Northwest information security and hacking community by creating local inclusive opportunities for learning, networking, collaboration, and teaching. 

This year, three of The NetSPI Agents are participating. Check out their talk details below: 

Rudder Nonsense: Steering Smart Rowers Off Course

When: Friday, 10/25 | 2:00-3:00 pm PT
Location: Main Track, Smith Ballroom

Shane Kell
Senior Security Consultant

Android is the most common platform worldwide, encompassing 24k distinct devices across nearly 1300 brands. Seeing the traffic sent by internet-connected embedded Android devices isn’t always easy. This talk illustrates one technique for proxying traffic on a smart rowing machine in order to learn what data is being sent and how authorization is handled for paywalled features, and it showcases an efficient method for manipulating the responses being received.

I live and work in the Portland Metro area, consulting on web and mobile app security for a living. When I am not working, I am either hacking devices around my house, pretending I am good at gardening, baking and cooking (which I am actually good at), or spending time with my three tiny hackers.

What the Function: A Deep Dive into Azure Function App Security

When: Friday, 10/25 | 3:00-4:00 pm PT
Location: Track 2

Karl Fosaaen
VP Research

Thomas Elling
Director, Cloud

As organizations have evolved from the “Lift and Shift” cloud migration strategy to building “Cloud Native” applications, there has been a significant increase in the usage of Platform as a Service (PaaS) offerings in the cloud. The Azure Function App service is a commonly used resource in this space, as it provides easy-to-deploy application hosting. While the serverless service offers a wide variety of convenient features, it also comes with its own security challenges.

We will be discussing how the service is utilized by Azure customers and some of the architecture design flaws that can lead to privilege escalation scenarios. Additionally, we will be covering a recently remediated privilege escalation issue that resulted in the Azure “Reader” RBAC role gaining code execution privileges in Function App containers.

We will also be covering a tool that we created that automates the exploitation of write access on a Function App’s Storage Account. The tool allows you to gain cleartext access to the Function App keys and generates Managed Identity tokens that can be used to pivot to the Function App’s identity. We will also include some additional research on how we were able to abuse the Function App service to gain access to Managed Identity certificates associated with the resources. Finally, we will include best practices and recommendations on how defenders can implement policy and configuration changes that help mitigate these issues.

Learn more about BSides Portland: https://bsidespdx.org