CANCELLED: Cloud-Squatting: the never-ending misery of deleted and forgotten cloud assets
In recent years, the adoption of cloud services has significantly increased, enabling organizations to leverage the benefits of scalability, availability, and cost-efficiency.
However, this shift towards cloud-based infrastructure has also brought new security challenges, including the emergence of cloud-squatting attacks. Cloud squatting happens when a company leases space and IP addresses on a public server, uses them, releases the space, and sends them back to the cloud vendors. The server space providers such as Amazon, Google, or Microsoft assign the same addresses to other companies. If the new company is a bad actor, it could take advantage of the information coming into the address intended for the previous organization. In this talk, we will explain how we solved this issue on a scale at TikTok.
The talk will be useful for security engineers to help them build a similar system or be aware of this issue if they use a cloud provider in their infrastructure. Moreover, the talk will help bug bounty hunters to look for these assets in an automated way.
Technical Rating
🔴🔴🔴🔴🔘🔘