{AB}USE Their Clouds. Cloud Computing as Viewed by Pentester

YURY GOLTSEV, POSITIVE TECHNOLOGIES


{AB}USE Their Clouds. Cloud Computing as Viewed by Pentester Page 2 out of 21 Copyright © 2012 Positive Technologies

TABLE OF CONTENTS

1 What Is Cloud Computing? 3
2 Abuse Types 4
3 Anonymity 5
4 Network Reconnaissance 6
5 Port Scanning 7
6 Attack Implementation 8
7 Brute-force 9
8 DDoS via Clouds 13
9 Trojan Horses in Instance 17
10 How Is Abuse Actually Treated? 18
11 What To Do Under Attack? 19
12 Conclusion 20
13 Positive Research 21


1 What is Cloud Computing?

Cloud computing is a model of distributed data processing in which computing resources and capacity are provided to the user as an Internet service. Cloud services are offered in the following forms: SaaS (Software as a Service); PaaS (Platform as a Service); IaaS (Infrastructure as a Service); HaaS (Hardware as a Service); WaaS (Workplace as a Service); EaaS (Everything as a Service); DaaS (Data as a Service); SaaS (Security as a Service).

We are interested first of all in IaaS, because it is the most in-demand and the most “realistic” environment for pentesters today. IaaS lets users create virtual servers on the equipment of a cloud provider. Its most evident advantage is practically unlimited computing power, which a pentester can draw on as needed, e.g. for password cracking.

What does IaaS mean for a pentester? It is a unique opportunity to use dozens of equally powerful servers and so to implement, in a realistic way, techniques such as IPS evasion in the course of various attacks: remote port scanning, distributed password brute-forcing, denial-of-service attacks, network perimeter scanning and automated vulnerability detection in the Customer’s infrastructure. These services have hardly any special features as such, except that the available resources are limited only by a financial ceiling. Skeptics hold that cloud computing is nothing more than a marketing label: a user-friendly control panel over scattered resources such as VDS, data storage, etc., which the term “Clouds” has pushed to the sidelines.

As of the date of this article there are over 50 providers of such services. The list below shows the pioneers of cloud computing services:

- Amazon Compute Cloud (http://aws.amazon.com/);
- Sun Cloud Computing (http://www.sun.com);
- Oracle Cloud Computing (http://www.oracle.com/us/technologies/cloud/);
- IBM cloud (http://www.ibm.com/ibm/cloud);
- Windows Azure (http://www.microsoft.com/windowsazure/windowsazure/);
- Google App Engine (http://code.google.com/appengine).


2 Abuse types

The purposes of applying innovative cloud computing technology can be both good and bad. How can a nefarious use be made of the service? This chapter is an attempt to consider this question in terms of the most widespread abuses by malicious Internet users.


3 Anonymity

Anonymity of operations performed through cloud computing services is a pressing problem. To begin with, all the information needed to access such services is at best confined to a credit card number and a cell phone number, which are used to authenticate the person (e.g. by Amazon). Most providers take the user’s word on trust and do not think about the issues that arise once their service has become a key element in compromising a resource. To sell their services at a profit, providers readily offer promotional programs that let users enjoy the services free of charge for a certain period. In that case the only information available about a user who has accessed the service is the e-mail address and the IP address used to control the provided cloud resources. There are, moreover, many ways to use cloud computing anonymously. The most elaborate verification at registration is performed by Amazon: they request not only the debit card number but also the telephone number of the account owner-to-be. A robot verifies this telephone number by calling it and reading out a secret code needed to complete registration. This peculiarity is rather inconvenient for a potential attacker; however, it is no obstacle to registering anonymously.


4 Network Reconnaissance

Network reconnaissance comprises activities aimed at automated data gathering for further analysis. Cloud computing is a great platform for such operations because it provides everything needed for automatic data gathering: a variety of IP addresses to gather the information from, broad bandwidth, and enough computing power to process the gathered data and store it in the required format. The technology is used for automated data collection from search engines such as Google: when an IP address is blocked, it can be changed automatically through the APIs that most services offer. When gathering data from social networks it is advantageous to combine the servers with a storage service that holds terabytes of information for a small fee. The ability to change an IP address promptly also enables effective mass mailing to large databases of e-mail addresses.


5 Port Scanning

Cloud computing services (e.g. IaaS) are a good choice for an attacker performing network perimeter scanning and automated vulnerability search. Success is almost guaranteed, as an IaaS service allows attackers to bypass protection means such as IPS/IDS. Port scanning can be hidden from IPS/IDS if it is performed from more than ten different IP addresses, spread out over time and one step at a time. Even a well-configured IPS/IDS will then fail to recognise the scan as a single event, and at worst it blocks the IP address of only one of the scanning servers. Naturally, this requires special software that runs remotely managed server processes on the cloud provider’s site. Enough of the theory, let’s move on to practice. Figure 1 shows a scheme that visualizes port scanning of a remote host.

[Figure 1: diagram. Inside the Cloud Computing boundary a Control center dispatches tasks to Server 1 ... Server N; each task has the form “Scan host: Target; Scan ports: <range>; Sleep: 360” (Task1 covers ports 1024-2048, TaskN covers ports N-Z), and every server scans the Server under attack.]

Fig. 1. Port scanning process

As the diagram shows, “silent” port scanning of a remote host requires a client-server application that provides:

- data exchange between Server1..ServerN and the Control center that manages the scanning;
- automatic distribution of the tasks (each covering a separate port range) among the clients.

Such an application can easily be implemented with the standard means of a Unix OS and the Nmap network scanner.
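The per-source thresholds most IDS rules use are exactly what the Fig. 1 scheme defeats. As an added example (not from the paper), the following Python code correlates connection attempts by destination instead, so that a sweep spread over many sources and long sleeps still stands out; the log records and the addresses are constructed for this example.

```python
"""Detecting a distributed, low-and-slow port scan by correlating on the target.

A per-source rule misses the Fig. 1 scheme: each cloud server probes only a
few ports and sleeps between probes. Aggregating by destination and asking
how much of the port range was covered, by how many sources, restores the
signal. All records below are constructed for this example.
"""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ConnAttempt:
    ts: int       # epoch seconds
    src: str
    dst: str
    dport: int


def constructed_sample() -> list[ConnAttempt]:
    """12 'cloud' sources each probe 8 ports in 1024-1119 on one target,
    one probe every 360 s (the Sleep value in Fig. 1), plus a few benign
    connections from one office host to ports 80/443."""
    attempts = []
    target = "203.0.113.10"           # RFC 5737 documentation address
    for n in range(12):
        src = f"198.51.100.{n + 1}"   # RFC 5737 documentation range
        for k in range(8):
            attempts.append(ConnAttempt(ts=k * 360, src=src, dst=target,
                                        dport=1024 + n * 8 + k))
    for k in range(5):
        attempts.append(ConnAttempt(ts=k * 100, src="192.0.2.7", dst=target,
                                    dport=80 if k % 2 else 443))
    return attempts


def per_source_scanners(attempts, window=3600, max_ports=20) -> set[str]:
    """Classic rule: one source touching more than max_ports distinct ports on
    one destination within `window` seconds. Returns the flagged sources."""
    ports = defaultdict(set)
    for a in attempts:
        ports[(a.src, a.dst, a.ts // window)].add(a.dport)
    return {src for (src, _dst, _w), p in ports.items() if len(p) > max_ports}


def longest_consecutive_run(ports) -> int:
    """Length of the longest run of adjacent port numbers (a sequential sweep)."""
    best = run = 0
    prev = None
    for p in sorted(ports):
        run = run + 1 if prev is not None and p == prev + 1 else 1
        best = max(best, run)
        prev = p
    return best


def distributed_scans(attempts, window=3600, min_ports=40, min_sources=5):
    """Destination-centric rule: within `window` seconds one destination receives
    probes to at least min_ports distinct ports from at least min_sources
    distinct sources. Returns {dst: (n_ports, n_sources, longest_run)}."""
    ports = defaultdict(set)
    sources = defaultdict(set)
    for a in attempts:
        key = (a.dst, a.ts // window)
        ports[key].add(a.dport)
        sources[key].add(a.src)
    hits = {}
    for key, p in ports.items():
        if len(p) >= min_ports and len(sources[key]) >= min_sources:
            hits[key[0]] = (len(p), len(sources[key]), longest_consecutive_run(p))
    return hits


if __name__ == "__main__":
    sample = constructed_sample()
    print("per-source rule flags:", per_source_scanners(sample) or "nothing")
    print("destination rule flags:", distributed_scans(sample))
```

On the constructed data the per-source rule sees at most 8 ports from any single address and stays silent, while the destination rule reports 98 ports from 13 sources with a 96-port sequential run against the target.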


6 Attack Implementation

A cloud IaaS site is ideal for attacking remote services, brute-forcing passwords and performing various client-side attacks. First, deploying any utility there, for example Metasploit Framework or Immunity Canvas, is by no means complicated. Second, password brute-forcing can be distributed in the same way as remote port scanning, so that the attacker’s IP address is not blocked. Third, an IaaS site can act as an intermediary between the attacker and the target host, and shutting the server down erases the entire history of actions performed on it.


7 Brute-force

Effectively unlimited cloud resources enable attackers to brute-force hashes and generate rainbow tables, and thereby to recover protected data. The main advantage clouds offer for rainbow table generation is their huge data storage capacity. In practice, generating a rainbow table for the NTLM algorithm (mixalpha-numeric-all-space, 8 symbols) is just a matter of time and money. A top home computer would need 1290 years to generate such a table. Cloud computing is akin to a time machine that costs 18 months and 320,000 dollars to build: clouds can generate the table in just 18 months. Table 1 gives the detailed financial statistics for the task. It required 20 servers with the following characteristics: 2 x Intel Xeon X5570 quad-core “Nehalem” (8 Xeon cores, 2.5-3 GHz), 2 x NVIDIA Tesla M2050, 23 GB RAM.

Tab. 1

Required resource | Quantity | Value              | Total value
Instance only     | 20       | $6590 + $0.56/hour | 20 * $6590 = $131 800; $0.56 * 20 * 12834 = $143 740
Data Storage      | 418 Tb   | $102 / Tb          | $102 * 418 = $42 636
Total             |          |                    | $318 176

The figures lead to a reasonable conclusion: it is time to revise password policy, since the NTLM hash of an 8-symbol password can be cracked with ease. Moreover, even the 8-symbol requirement is absent from most corporate policies; a typical password policy is less strict and allows shorter passwords. According to the statistics collected by Dmitry Evteev of Positive Technologies and presented in his report (http://www.ptsecurity.ru/download/PT-Metrics-Passwords-2009.pdf, available in Russian only), most users try to get around password policy restrictions and use simple passwords. Figures 2 and 3 give statistics on passwords used by employees of Russian companies; the same data were used in the report mentioned above.


[Figure 2: pie chart of the character sets found in passwords. Legend, in the order shown: Numbers (numeric) 52.73%; Lowercase English letters (loweralpha) 17.96%; Lowercase English letters and numbers (loweralpha-numeric) 17.51%; Mixed-case English letters and numbers (mixalpha-numeric) 3.40%; Mixed-case English letters (mixalpha) 1.63%; Uppercase English letters (alpha-numeric) 1.35%; Lowercase Russian letters (loweralpha-rus) 1.12%; Other variants 4.31%.]

Fig. 2. Summary statistics of sets of symbols used in passwords

[Figure 3: chart of password lengths; not reproduced in this transcript.]

Fig. 3. Summary statistics on password length

Thus, to crack about 88% of NTLM hashes, an attacker would need rainbow tables for the following combinations:

- length 1-12, figures only;
- length 1-12, lower-case English letters;
- length 1-12, lower-case English letters and figures.

Generating such tables takes a lot of time and considerable financial resources even with cloud computing. Table 2 shows the resources needed to generate these rainbow tables in the cloud. The red shading highlights the tables that can be generated today without serious financial investment. The tables are generated on 20 servers at a time; the more servers are used, the less time a table takes, while the financial cost stays the same (Table 2).


Tab. 2

Rainbow table characteristic                            | Required time | Cost
Figures (1-12 symbols)                                  | 3 hours       | $103
English letters (lower case, 1-12 symbols)              | 21 years      | $2 363 252
English letters (1-11 symbols)                          | 275 days      | $754 064
English letters (lower case, 1-10 symbols)              | 11 days       | $9 823
English letters (lower case) and figures (1-12 symbols) | 1046 years    | $80 919 507
English letters (lower case) and figures (1-11 symbols) | 27 years      | $4 631 216
English letters (lower case) and figures (1-10 symbols) | 297 days      | $188 884
English letters (lower case) and figures (1-9 symbols)  | 11 days       | $9 695

Yes, it does take a millennium and about 80 million dollars to generate a rainbow table for passwords of lower-case English letters and figures (1-12 symbols), which borders on fantasy even for an average national budget. However, if we set our mind to it and used 20,000 servers instead of 20, we could generate the table in a year. Using cloud resources for offline brute-force is a real pleasure. For example, SmashTheStack members (www.smashthestack.org) showed that with the server described above an attacker can brute-force any SHA1-hashed password of 1 to 6 symbols in just an hour, at a cost of about 2 dollars (http://stacksmashing.net/2010/11/15/cracking-in-the-cloud-amazons-new-ec2-gpu-instances/). The SmashTheStack team inspired us to try to prove that any of the popular hash algorithms used in authentication systems can be cracked. We chose 4 algorithms: MD4, MD5, NTLM and SHA1. The choice was dictated by the CUDA-Multiforce utility, which in turn was chosen because it allows plain brute-force rather than dictionary attacks. Compared to the oclHashcat utility (http://hashcat.net/oclhashcat/), CUDA-Multiforce is one and a half times faster. The table was built for the most frequently used password types shown in Figure 2; the times given are those needed to enumerate all possibilities. The brute-force was performed on 1 server with the following characteristics: 22 GB RAM, 2 x Intel Xeon X5570 quad-core “Nehalem”, 2 x NVIDIA Tesla “Fermi” M2050 GPUs, 64-bit platform.

Tab. 3

Password                                                | Algorithm | Required time | Value
Figures (1-12 symbols)                                  | MD4       | 5 minutes     | ~ $0
Figures (1-12 symbols)                                  | MD5       | 4 minutes     | ~ $0
Figures (1-12 symbols)                                  | SHA1      | 7 minutes     | ~ $0
Figures (1-12 symbols)                                  | NTLM      | 5 minutes     | ~ $0
English letters (lower case, 1-12 symbols)              | MD4       | ~ 7 years     | $128 772
English letters (lower case, 1-12 symbols)              | MD5       | ~ 6.5 years   | $119 574
English letters (lower case, 1-12 symbols)              | SHA1      | ~ 12 years    | $220 752
English letters (lower case, 1-12 symbols)              | NTLM      | ~ 8 years     | $147 168
English letters (1-11 symbols)                          | MD4       | ~ 110 days    | $5 544
English letters (1-11 symbols)                          | MD5       | ~ 93 days     | $4 687
English letters (1-11 symbols)                          | SHA1      | ~ 167 days    | $8 416
English letters (1-11 symbols)                          | NTLM      | ~ 112 days    | $5 466
English letters (lower case, 1-10 symbols)              | MD4       | ~ 101 hours   | $212
English letters (lower case, 1-10 symbols)              | MD5       | ~ 86 hours    | $180
English letters (lower case, 1-10 symbols)              | SHA1      | ~ 155 hours   | $325
English letters (lower case, 1-10 symbols)              | NTLM      | ~ 105 hours   | $220
English letters (lower case) and figures (1-12 symbols) | MD4       | ~ 384 years   | $7 064 064
English letters (lower case) and figures (1-12 symbols) | MD5       | ~ 325 years   | $5 978 700
English letters (lower case) and figures (1-12 symbols) | SHA1      | ~ 586 years   | $10 780 056
English letters (lower case) and figures (1-12 symbols) | NTLM      | ~ 394 years   | $7 248 024
English letters (lower case) and figures (1-11 symbols) | MD4       | ~ 10 years    | $183 960
English letters (lower case) and figures (1-11 symbols) | MD5       | ~ 9 years     | $165 564
English letters (lower case) and figures (1-11 symbols) | SHA1      | ~ 16 years    | $294 336
English letters (lower case) and figures (1-11 symbols) | NTLM      | ~ 11 years    | $202 365
English letters (lower case) and figures (1-10 symbols) | MD4       | ~ 108 days    | $5 443
English letters (lower case) and figures (1-10 symbols) | MD5       | ~ 92 days     | $4 636
English letters (lower case) and figures (1-10 symbols) | SHA1      | ~ 165 days    | $8 316
English letters (lower case) and figures (1-10 symbols) | NTLM      | ~ 111 days    | $5 594
English letters (lower case) and figures (1-9 symbols)  | MD4       | ~ 72 hours    | $151
English letters (lower case) and figures (1-9 symbols)  | MD5       | ~ 61 hours    | $128
English letters (lower case) and figures (1-9 symbols)  | SHA1      | ~ 110 hours   | $231
English letters (lower case) and figures (1-9 symbols)  | NTLM      | ~ 74 hours    | $155

The red shading indicates the requirements that almost any attacker can meet to recover a password from an existing hash.
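The rows of Table 3 share one implied hash rate and one hourly price, which is what a defender needs to evaluate a password policy. As an added example (not from the paper), the Python code below calibrates that model on a single Table 3 row, reproduces the other rows, and prices the policies a defender would compare, including the effect of an iterated (slow) hash; the calibration figures are the paper’s, the policy names and the 100,000-iteration work factor are my own choices.

```python
"""Exhaustive-search cost model calibrated on one row of the paper's Table 3.

Table 3: one GPU server exhausts lower-case passwords of 1-10 characters
against MD4 in ~101 hours for $212. From that row we derive the implied hash
rate and the server-hour price, then price other policies. Adding servers
divides the time but not the cost; a slow iterated hash multiplies both.
"""
from __future__ import annotations
from dataclasses import dataclass

SECONDS_PER_YEAR = 365.25 * 86400


def keyspace(alphabet: int, min_len: int, max_len: int) -> int:
    """Number of candidates of length min_len..max_len over `alphabet` symbols."""
    return sum(alphabet ** n for n in range(min_len, max_len + 1))


@dataclass(frozen=True)
class Cracker:
    hashes_per_sec: float   # rate of one server for a fast, unsalted hash
    usd_per_hour: float     # price of one server-hour
    servers: int = 1        # more servers: less wall-clock time, same cost

    @classmethod
    def calibrate(cls, space: int, hours: float, usd: float) -> Cracker:
        """Derive rate and price from one measured (keyspace, hours, cost) row."""
        return cls(hashes_per_sec=space / (hours * 3600), usd_per_hour=usd / hours)

    def exhaust(self, space: int, work_factor: int = 1) -> tuple[float, float]:
        """Return (years, usd) to try every candidate once.
        work_factor > 1 models an iterated hash (PBKDF2, bcrypt, ...): each
        guess then costs that many fast-hash evaluations."""
        server_seconds = space * work_factor / self.hashes_per_sec
        cost = server_seconds / 3600 * self.usd_per_hour
        return server_seconds / self.servers / SECONDS_PER_YEAR, cost


# Calibration row (Table 3): lower case, 1-10 symbols, MD4, ~101 hours, $212.
PAPER_MD4 = Cracker.calibrate(keyspace(26, 1, 10), hours=101, usd=212)

# Assumed work factor for a deliberately slow password hash (my choice).
SLOW_HASH_ITERATIONS = 100_000


def policy_report(cracker: Cracker = PAPER_MD4) -> dict[str, tuple[float, float]]:
    """Years and dollars to exhaust several policies with the calibrated cracker."""
    eight_printable = keyspace(95, 8, 8)        # Table 1's mixalpha-numeric-all-space, 8
    return {
        "lower+digits, 1-12, fast hash": cracker.exhaust(keyspace(36, 1, 12)),
        "8 printable ASCII, fast hash": cracker.exhaust(eight_printable),
        "8 printable ASCII, slow hash": cracker.exhaust(eight_printable, SLOW_HASH_ITERATIONS),
        "12 printable ASCII, fast hash": cracker.exhaust(keyspace(95, 12, 12)),
    }


if __name__ == "__main__":
    print(f"implied rate: {PAPER_MD4.hashes_per_sec:.3g} H/s, "
          f"price: ${PAPER_MD4.usd_per_hour:.2f}/server-hour")
    for name, (years, usd) in policy_report().items():
        print(f"{name:32s} {years:12.3g} years  ${usd:,.0f}")
```

The first policy reproduces Table 3’s ~384 years and ~$7 million for the lower-case-plus-digits row, which confirms the calibration; the slow-hash row shows why iterated hashes, not longer tables, are the defender’s lever.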


8 DDoS via Clouds

First of all, let us consider the scheme of an efficient DDoS attack against a server or a service. A successful DDoS attack has the following preconditions:

- a great number of attacking machines;
- an “intelligent” loading of the system under attack.

An IaaS service together with specially developed DDoS software ensures successful DDoS against target systems. The IaaS service supplies the multitude of attacking machines; specialized software is responsible for the “intelligent” loading of the systems under attack so as to cause a denial of service. The specialists of our company have drawn up a requirements specification for such software. Its main points are as follows.

Requirements for the developed system of distributed stress testing:

- operability on various platforms (Linux/Windows);
- several modules;
- centralized control (client<->server).

Modules required at the initial stage:

- SYN flood;
- UDP flood;
- ICMP flood;
- Application flood: HTTP/HTTPS (GET/POST), FTP, SMTP/SMTP+SSL/TLS, POP3/POP3+SSL.

For such software the most essential requirements are the speed and performance of each module. While developing a system of distributed stress testing that would meet these requirements, we tested existing software that could be used for DDoS attacks. Most freely downloadable products did not meet the “centralized control” requirement, so we developed management scripts for Unix that allowed centralized starting and stopping of the applications performing the attack. Before testing, we selected applications that cover at least the minimal set of functions of the developed system of distributed stress testing. Table 4 lists the software and the required system functions. The list was prepared for the Unix environment.

Tab. 4

Required function                | Software name
SYN Flood                        | Mausezahn
UDP Flood                        | Mausezahn
ICMP Flood                       | Mausezahn
Application flood [HTTP/HTTPS]   | SlowPost.pl

Mausezahn (http://www.perihel.at/sec/mz/) is a traffic generator that produces both valid and invalid traffic. It is mostly used to test VoIP and large networks, and to perform security audits of systems likely to be exposed to specific DoS attacks. SlowPost.pl (an analogue of the Slowloris HTTP DoS tool) is a short Perl script that conducts a DoS attack against an HTTP server by sending POST requests; the purpose is to exhaust the number of connections the server allows so that no other client can connect. A more detailed description of this attack is given on the Slowloris HTTP DoS page (http://ha.ckers.org/blog/20090617/slowloris-http-dos/). A similar Application Flood method for the HTTP protocol via POST requests using cloud computing was presented by David Bryan and Michael Anderson at the Defcon 18 hacker conference (http://www.defcon.org/images/defcon-18/dc-18-presentations/Bryan-Anderson/DEFCON-18-Bryan-Anderson-Cloud-Computing.pdf). D. Bryan and M. Anderson implemented the Application Flood functions of a distributed stress testing system for the HTTP protocol. Unfortunately the actual result, denial of service of a real server (one of the Defcon servers was used for the demonstration), was not achieved, although the plan is quite workable in theory. The failure may have been caused either by an inefficient Application Flood or by an insufficient number of attacking servers.

When developing SlowPost.pl, the main goal was to make Application Flood as effective as possible. As a result, the script allows a single machine to establish and maintain over 900 simultaneous connections to the web server under attack. These characteristics mean that a single machine is enough for a DoS attack against most web servers running Apache: Apache’s default value for the MaxClients configuration directive is 256, i.e. the majority of web servers can serve only 256 clients at a time. By contrast, the IIS web server (Windows Server 2003) uses a default limit of 20,000.

The system of distributed stress testing was developed with the capabilities of the IaaS service provided by Amazon (http://aws.amazon.com) in mind. We chose Amazon for several reasons.

First of all, it is a fast-developing project that lets its users be among the first to enjoy new features of cloud computing. Secondly, having compared the cost of DDoS attacks (Table 5) across different services, we found Amazon the most flexible and affordable.

Tab. 5

Necessary resource                   | Cost
Operation of one Micro Instance (1)  | $0.085 ~ 3 rubles
Traffic (in+out) (GB)                | $0.150 ~ 5 rubles

(1) “Instance” means a started virtual server.

The technical specifications of the Instance used as an attacking node are as follows:

- x86/x64 system (1 CPU);
- 613 Mb RAM;
- 10 Gb HDD.

We chose minimal specifications for the Instance because DDoS attacks depend more on the number of attacking instances than on their individual power. Each Instance has a 100 Mb/s Internet connection, which should rule out any problems with data transfer speed. Above all, we were curious to see the real capacity of a botnet built on cloud computing. For the test we chose Bryan and Anderson’s scenario, a DDoS attack against an HTTP server. Attacks of this type against corporate web servers are often used for blackmail, for eliminating competitors from the Internet and for phishing. It turned out that one Instance running the SlowPost.pl script can emulate more than 900 web server clients. Thus this combination of tools is enough to take down any web server that cannot support more than 900 connections. The cost of such a DoS attack is very low, because it consumes only computing time, not other resources or traffic. Table 6 shows the cost price of a DDoS attack against such servers.

Tab. 6

Necessary resource          | Number | Cost
Operation of one Instance   | 1      | $0.085 ~ 3 rubles per hour
Traffic (in+out) (GB)       | <1     | < $0.150 ~ < 4 rubles
Total                       |        | < $0.235 per hour

For real-life testing, a web site served by IIS was used as the target. Its load was balanced across two IP addresses, so denying service to the site required establishing more than 20,000 connections to each of the IP addresses. The web server had default settings. In the end, to provide all the conditions for a successful DoS attack, 46 “Instances” were run at the Amazon provider, each emulating the simultaneous activity of 900 users of the target web server. An average Amazon user may run at most 20 Instances at a time. Although the limit can be raised, we registered 3 different accounts instead, to emulate an attacker’s actions as plausibly as possible. Apart from the cost of the services, we had to buy 3 SIM cards (registration requires telephone verification by a robot). It goes without saying that the SIM cards were anonymous, with 300 rubles on each. The purchase was completely legal. Following each mobile operator’s tariffs, we bought a $5 prepaid card for Internet shopping for each SIM card; the prepaid card is needed to register with Amazon and pass verification. So the total cost of the DDoS attack against the web site of a large company came to 1,150 rubles (about $40). The detailed budget is given in Table 7.

Tab. 7

Necessary resource          | Number | Attack duration (hours) | Cost
SIM card                    | 3      | -                       | 900 rubles ~ $20
Operation of one Instance   | 46     | 2                       | $0.085 * 46 * 2 = $7.82 ~ 240 rubles
Traffic (in+out) (GB)       | <2     | -                       | < $0.150 * 2 ~ < 8 rubles
Total                       |        |                         | ~ $40


The web server was under attack for two hours, which is enough to cause considerable loss in the field of Internet business. The attack scheme is presented in Figure 4.

[Figure 4: diagram. Inside the Cloud Computing boundary a Control center issues “DoS host: Target” to Instance 1 ... Instance N; each instance emulates 900 clients of the web server, and together the instances emulate more than 40 000 clients of the Web server under attack, causing DoS.]

Fig. 4. DDoS attack scheme

Thus a serious “bot army” costs about $20 per hour, whichever attack method is applied. We considered an Application Flood attack via POST requests because it is the most popular method; the cost would be the same for SYN/UDP/ICMP Flood attacks, the methods differing only in traffic usage. Application Flood is the most reasonable choice for an attacker because it is the most “intelligent” method of attack; however, there is always the question of the cost of the software that carries it out. For instance, developing the software for the system of distributed stress testing described at the beginning of this chapter costs about 100,000 rubles.


9 Trojan Horses in Instance

Another advantage of cloud computing services is that they let one easily select an OS and its components through a convenient web interface. The user can apply both standard images from the provider and OS images created by other users of the provider; Amazon, for example, uses the latter scheme actively. However, this is exactly the scheme that hides a hazard: providers do not guarantee that system images shared by users perform no hidden actions (logging events, copying personal data, operating as part of a botnet, distributing malicious software, etc.). Our testing confirmed that most providers do not control such activity. The testing required:

- creating an image of a popular OS in the AMI format and publishing it with open access through the Amazon interface;
- compiling a good description of the configured system (installed software, useful features, etc.).

At the same time, users were not told that they ought to read the fine print informing them that every time this OS image is started an HTTP GET request is sent to a server collecting statistics. This fact could just as well have been left out of the image description altogether. As a result, 1000 such requests were received in one month. How much sensitive data could have been gathered if it had been more than an innocuous count of starts? What stops a malicious user from uploading a system image with a pre-installed rootkit and using it once a day to scan chosen IP address ranges and gather sensitive data? Hardly anything. It should also be pointed out that providers assign each image a separate IP address from a given range, so one IP address can change owners several times a day. A couple of clicks in the web interface and the IP address is changed, which lets attackers perform phishing attacks and redirect users to so-called “exploit packs”. A malicious IP address that changes so fast gives users no time to spot it.


10 How Is Abuse Actually Treated?

An immediate reaction to abuse should be part of every provider’s security policy, since its reputation as a serious company is at stake. But what is the reality? A little research revealed that even such major cloud providers as Amazon are in no hurry to deal with violations and investigate incidents; in practice it goes no further than recording the incident. To begin with, to look into an incident a provider requires not only the attacker’s IP address but also the exact date and time of the attack, which is somewhat frustrating: if the clock on your server is misconfigured, the investigation of your incident, even if conducted, will fail. Once the required information about the attacker has been submitted, correspondence with the provider continues, but it is largely one-way: the provider is happy to receive your answers to its questions, while you, with some exceptions, get a polite silence in reply to yours.


11 What To Do Under Attack?

When you first contact your provider, you will be asked to supply the following information:

- the attacker’s IP address;
- the victim’s IP address;
- the port under attack and the protocol used for the attack;
- the exact date and time, with the victim’s time zone;
- logs from the victim’s machine that evidence the attack (not more than 4 Kb);
- contact details.

It should be said straight away that the exact date, time and time zone of the attack are extremely important, because the attacker’s IP address can change several times a day, which makes tracing the violator harder. For such cases we recommend identifying the IP address at the moment of the attack and then checking whether it is still reachable over the following hours; this information can be of significant help to the provider in investigating the incident. Also try to identify the exact type of the attack, and make a copy of the log files of the service under attack: this copy will have to be submitted to the provider’s security service later.
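The list above is exactly what an abuse report must contain, and the time-zone item is the one most often got wrong. As an added example (not from the paper), the following Python code parses combined-format web server log lines, isolates the busiest client and lays the evidence out in the fields the provider asks for, with the victim’s offset kept and a UTC rendering added and the excerpt capped at 4 Kb; the log lines, addresses and contact address are constructed for this example, and the victim address, port and protocol are passed in because they are not present in the log.

```python
"""Assembling the abuse-report fields listed in section 11 from an access log.

Parses Apache/nginx combined-format lines (constructed below), groups them by
client address, picks the noisiest client and produces a report with the
attacker IP, the victim IP/port/protocol, the exact first/last time with the
victim's UTC offset (plus UTC), an attack-type hint and a log excerpt of at
most 4 KB. Victim IP, port and protocol are parameters: the log lacks them.
"""
from __future__ import annotations
import re
from collections import Counter
from datetime import datetime, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"   # the log's own offset is the victim's zone
MAX_EXCERPT = 4096                  # the provider accepts at most 4 KB of logs

# Constructed sample: repeated slow POSTs (Apache answers 408 on a body that
# never arrives) from one address, interleaved with ordinary traffic.
# Addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '198.51.100.23 - - [11/Mar/2012:14:02:01 +0400] "POST /login HTTP/1.1" 408 0',
    '192.0.2.15 - - [11/Mar/2012:14:02:03 +0400] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.23 - - [11/Mar/2012:14:02:05 +0400] "POST /login HTTP/1.1" 408 0',
    '198.51.100.23 - - [11/Mar/2012:14:05:41 +0400] "POST /login HTTP/1.1" 408 0',
    '192.0.2.16 - - [11/Mar/2012:14:06:00 +0400] "GET /news HTTP/1.1" 200 2048',
    '198.51.100.23 - - [11/Mar/2012:14:09:59 +0400] "POST /login HTTP/1.1" 408 0',
]


def parse_line(line: str) -> dict | None:
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["time"], TIME_FMT)   # tz-aware, keeps +0400
    return {"ip": m["ip"], "ts": ts, "req": m["req"],
            "status": int(m["status"]), "raw": line}


def build_abuse_report(lines, victim_ip: str, victim_port: int = 80,
                       protocol: str = "TCP/HTTP", contact: str = "soc@example.org",
                       min_hits: int = 3) -> dict:
    """Lay out the section 11 fields for the client with the most requests.
    Times are given in the victim's zone and in UTC so the provider can match
    them against its own instance-allocation records."""
    entries = [e for e in map(parse_line, lines) if e]
    hits = Counter(e["ip"] for e in entries)
    if not hits:
        raise ValueError("no parseable log lines")
    attacker, count = hits.most_common(1)[0]
    if count < min_hits:
        raise ValueError(f"busiest client {attacker} made only {count} requests")
    theirs = [e for e in entries if e["ip"] == attacker]
    first = min(e["ts"] for e in theirs)
    last = max(e["ts"] for e in theirs)
    # Truncate on bytes, not characters, so the 4 KB limit is really honoured.
    excerpt = "\n".join(e["raw"] for e in theirs).encode()[:MAX_EXCERPT]
    method = Counter(e["req"].split(" ")[0] for e in theirs).most_common(1)[0][0]
    return {
        "attacker_ip": attacker,
        "victim_ip": victim_ip,
        "victim_port": victim_port,
        "protocol": protocol,
        "first_seen": first.isoformat(),
        "last_seen": last.isoformat(),
        "first_seen_utc": first.astimezone(timezone.utc).isoformat(),
        "victim_timezone": first.strftime("%z"),
        "request_count": count,
        "attack_type_hint": f"repeated {method} requests, {count} in window",
        "log_excerpt": excerpt.decode(errors="ignore"),
        "excerpt_bytes": len(excerpt),
        "contact": contact,
    }


if __name__ == "__main__":
    for k, v in build_abuse_report(SAMPLE_LOG, victim_ip="203.0.113.10").items():
        print(f"{k:18s} {v if k != 'log_excerpt' else '...'}")
```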


12 Conclusion

Cloud computing technology has given users high-power computing, but at the same time it has given some of them an opportunity to apply that power for their own selfish ends. There is no remedy for this problem. However, if you know the possible attack vectors that use cloud computing, you can protect your information resources from incidents (e.g. those caused by weak encryption algorithms). As for users of cloud computing services, we would like to say in conclusion that even when you use advanced services from top providers, you should always keep the basic principles of information security in mind.


13 Positive Research

Our innovation division, Positive Research, is one of the largest and most dynamic security research facilities in Europe. This award-winning centre carries out research, design and analytical work, threat and vulnerability analysis and error elimination. Our experts work alongside industry bodies, regulators and universities to advance knowledge in the field of information security and to assist in the development of industry standards. Naturally, this knowledge is also applied to improving the company’s products and services.

Positive Research identifies over 100 0-day vulnerabilities per year in leading products such as operating systems, network equipment and applications. It has helped manufacturers including Microsoft, Cisco, Google, SAP, Oracle, Apple and VMware to eliminate vulnerabilities and defects that threatened the safety of their systems.