A vulnerability by any other name: Unveiling in-the-wild abuse of app misconfigurations

Danielle Aminov, Gili Tikochinski

Misconfigurations are a universal risk, impacting cloud, IoT, and on-prem environments due to human error or default settings in widely adopted technologies.

In this talk, we'll explore how these oversights—common in setups involving applications such as Jupyter Notebook, Jenkins, Spring Boot Actuator, and Redis—expose sensitive data, from AWS keys to access credentials, and can lead to Remote Code Execution (RCE), creating footholds for initial access and lateral movement. We'll reveal how attackers exploit these critical missteps, which are rarely highlighted in security frameworks and aren't tracked like CVEs, leaving many organizations unaware of the risks and lacking formal best practices.

Using real-world incident response cases, we'll showcase how attackers abused misconfigurations as entry points, and how forensic analysis revealed this attack path. We'll also discuss recent campaigns by financially motivated threat actors, such as TeamTNT, Dreambus, and WatchDog, who leverage these opportunities for initial access. Finally, we'll cover how targeted monitoring and configuration management can help identify these gaps, enabling effective attack surface reduction while revealing unnoticed entry points. This presentation underscores the need for vigilance when deploying new technologies or applications.

Speaker Bios:

Danielle Aminov is a part of Wiz’s Attack Vector Intel team, specializing in network-based threats and threat intelligence. She develops detection strategies for large cloud environments. With over five years in offensive security within the IDF and in the cyber department of a global consulting firm, Danielle has expertise in red team operations and penetration testing.

Gili Tikochinski is a part of Wiz’s Attack Vector Intel team, focusing on malware detection and threat hunting. With over seven years in cyber research within the IDF and defense contractors, he has expertise in hardware research, reverse engineering, and building large-scale cybersecurity tools.
