A review of the real-world attacks we see every week at Rackspace, against us or our customers: phishing, DDoS amplification, credential brute-force attacks, and fraud in support of crypto-mining or spam campaigns. Also covered is some of the vulnerability testing we perform on ourselves (red-team missions).
Rodney Beede is a Cyber Vulnerability Analyst & Penetration Tester for Rackspace Global Enterprise Security. M.S. in Computer Science, University of Colorado at Boulder, thesis "A Framework for Benevolent Computer Worms" (2012).

Security Work
- CVE-2019-8346: XSS in ManageEngine ADSelfService Plus, parameter adscsrf
- CVE-2019-5615: Rapid7 InsightVM (Nexpose) also exposes clear-text passwords for backups and the keystore (chased the vendor to add the clear-text disclosure; the original admin-hashes work was by another researcher)
- Slack vulnerability (#496095): any third-party add-on could post to an announcements-only channel
- OSCP, March 2019
- "Unattended, Unlocked, Unprotected Terminals - User Security Training with USB Rubber Ducky", https://developer.rackspace.com/blog/unattended-unlocked-unprotected-terminals-user-security-training/ (August 21, 2018)
- "Making App Password Changes Easier", https://developer.rackspace.com/blog/making-app-password-changes-easier/ (August 6, 2018)
- BSides San Antonio 2018, CTF winning team
- "Cloud API Service Accounts and Managing a Jungle of Credentials", InnoTech Oklahoma (October 5, 2017)
- "Single Sign-On Watering Hole" vulnerability presentation, BSidesOK 2017
- "Shadow IT In The Cloud", Oklahoma Retailers InfoSec Forum, 2016
- "Case Study: Seagate's Amazon AWS Cloud Security", InnoTech & IWS9, 2016
- Discovered CVE-2015-8503: XSS in Tenable SecurityCenter (2016)
- Discovered a data disclosure vulnerability in Google Spreadsheets (2015)
- "Case Study: Seagate's OpenStack Swift Security", InnoTech 2015 and CSA & IAPP 2014
- Authored the "Object Storage" chapter of the OpenStack Security Guide
- Discovered CVE-2013-3627: McAfee Agent v4.6 Denial of Service
- AppSec USA (OWASP), CTF winning team, 2012 & 2013