BSides London 2021

Big data lake, big data leak

Rookie Track

After building software for London fintechs and a brief stopover in AppSec, Ben switched to the breaker's camp. Now working as a pentester, he finds bugs in web apps, mobile apps and the occasional robot. He developed Regexploit, a heuristic tool for detecting Regular Expression Denial of Service. Ben holds Master's degrees in Chemistry and Synthetic Biology.

AWS has a service for data scientists called Elastic MapReduce (EMR) which runs a Hadoop cluster. A company I used to work at received an email from AWS saying our account was performing a DDoS. From there we discovered that our data scientists had opened ports to certain EMR services which, besides showing information, also allow RCE as a service. I decided to look for other victims. Shodan isn't great for this, so I built a scanner over a few iterations to exploit YARN, Livy and Zeppelin. I get RCE on some random cluster, but so what... I'm not into cryptomining or DDoSing. I need to figure out who owns this AWS account I now have access to so I can report it.
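The defensive counterpart to the abstract's finding, as an added example that is not part of the talk or its tooling: an audit of EC2 security-group rules that expose the EMR web and REST endpoints for the three services named above to the whole internet. The port numbers (YARN ResourceManager 8088, Livy 8998, Zeppelin 8890) are the EMR defaults as assumed here, the function name and the sample security groups are constructed, and the input shape mirrors what `ec2.describe_security_groups()["SecurityGroups"]` returns so the same function can be fed live data.

```python
# Added example (not from the talk): flag inbound security-group rules that open
# EMR service ports to 0.0.0.0/0 or ::/0. Port numbers are assumed EMR defaults.
import ipaddress

EMR_SERVICE_PORTS = {8088: "YARN ResourceManager",
                     8998: "Apache Livy",
                     8890: "Apache Zeppelin"}


def _is_world_open(cidr: str) -> bool:
    """True only for a /0 range (0.0.0.0/0 or ::/0); malformed CIDRs are ignored."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def find_exposed_emr_rules(security_groups):
    """Return sorted (group_id, port, service, cidr) tuples for every inbound
    rule whose port range covers an EMR service port and whose source is world-open.
    `security_groups` has the shape of describe_security_groups()['SecurityGroups']."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if perm.get("IpProtocol") not in ("tcp", "-1"):  # "-1" = all protocols
                continue
            # An all-protocol rule carries no FromPort/ToPort: treat it as 0-65535.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for port, service in EMR_SERVICE_PORTS.items():
                if lo <= port <= hi:
                    for cidr in cidrs:
                        if _is_world_open(cidr):
                            findings.append((sg["GroupId"], port, service, cidr))
    return sorted(findings)


# Constructed sample: one master-node group with Zeppelin and a wide range covering
# the YARN UI opened to the world, and one correctly restricted core-node group.
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-EXAMPLE-master", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8890, "ToPort": 8890,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8100,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}, {"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-EXAMPLE-core", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8998, "ToPort": 8998,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    for group_id, port, service, cidr in find_exposed_emr_rules(SAMPLE_SECURITY_GROUPS):
        print(f"{group_id}: {service} (tcp/{port}) reachable from {cidr}")
```

Note that the 8080-8100 rule is caught even though it never names port 8088 explicitly, which is the usual way such exposures slip past a grep of the console.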