Ryan Elkins

354 posts

@ryanelkins

cloud | security | hacking | automation | emo music | faith | family | opinions are my own

Indiana · Joined August 2009

499 Following · 730 Followers
Ryan Elkins@ryanelkins·
@Andrew___Morris @pdiscoveryio @ipinfo @4A4133 I did this a while back and also put this URL into many of the SaaS products I use such as a url in a draft email not being sent to see if it was accessed (it was), sending them in private messages, etc. Would be an interesting expansion to your project related to privacy.
Andrew Morris (afk)@Andrew___Morris·
For kicks, I set up an interactsh server with authoritative DNS, wrote a bit of code that gens a random UUID dot mydomain dot com at runtime, resolves DNS+grabs a web page, compiled it into an exe, and uploaded it to a few malware sandboxes. Results are wild. Here are some stats:
Ryan Elkins@ryanelkins·
@ofjaaah I have some updated code that will work across many of the functions and I’ll work on developing the cdk and deployment guide this week. I’d be happy to share more details once I get the infrastructure code published.
👑 OFJAAAH 👑@ofjaaah·
@ryanelkins If you can help me build this structure I'd be very happy, or have a step-by-step guide on how we can execute it, and if you release it I can talk more about her here in Brazil to my students and followers:?
Ryan Elkins@ryanelkins·
@HackingDave 💯 agree. I would have driven over for this one if I knew this group was going to be there! Lots of great memories!
Dave Kennedy@HackingDave·
Reunited with my old Diebold team and co-workers 12 years later... My peers. This team right here was hands down the best team ever assembled. We did so much high-speed and revolutionary stuff for the time and had the best security program ever made for that time. We had buy-off through the entire business including the board... friends with IT, friends with each executive in the group - we could get anything done at anytime. Not because we forced security - because we always had the right intentions for the organization to reduce risk in a way that was reasonable. Love this crew and the entire team we had. One of the best experiences I ever had, and one that I cherish every day on how smart of folks I get to work with that teach me something new every day. So many good stories, laughs, and accomplishing something special that forged who I am today. I am a better person due to them, and Scott Angelo who brought us all together. Scott was/is my mentor and someone I learned more from than anyone in my entire career. Not on hacking, but how to talk, how to present, how to run a business - but most importantly how to be a leader and believe in people.
Ryan Elkins@ryanelkins·
@infosec_au Agreed. From an enterprise perspective, the challenge is trying to balance limited resources to maintain hygiene scores for app security reported by the insurers and 3rd parties which heavily score on client side visibility while also prioritizing high impact server side.
shubs@infosec_au·
For the first 3-4 years that I was working in infosec, I found client side security so exciting. I stayed on top of every new technique and studied new techniques closely. After this, I took a step back and realised that all of my work on client side security felt helpless, useless, to some extent. The reason why companies were being breached was not due to client side security issues (for the most part). I analysed the reasons companies faced great hardship, and most of the time it was not because of client side security issues but rather server side issues that led to critical impact on their infrastructure. A part of me thought that client side security issues still had impact to the end users (and they still do), but I couldn't cite a single example where a company had lost so much due to a client side issue. It really shaped my mindset and perspective for what to be looking for when auditing an application, and is the reason why I became so deeply invested in server side security. I still try and stay on top of client side security exploitation techniques, but they don't really excite me any more. Might be that my perspective is wrong, and I'm open to feedback, but spending more time on server side issues makes more sense to me from a security perspective. From a bug bounty perspective, do whatever you need to do to make money (it is a game after all), but a 7 step client side chain doesn't really appeal to me from a security impact perspective.
Ryan Elkins@ryanelkins·
@cdasmktcda @Jhaddix @stokfredrik Very cool! I assume it is a controller that can manage the IaC? It would be neat to integrate hardwired and wireless iot devices into the RPi4 to send telemetry and interception data to the infra for bug hunting iot (i.e. network traffic to find src/dst endpoints, beacons, etc).
Ryan Elkins@ryanelkins·
@hakluke 1 AirPod in the ear when cooking, chores, getting kids back to sleep with playlist of content. I do YouTube red for conference talks. That age is rough for hands on keyboard. Night is still my main time but at ages 8 and 5, I’m past the all-the-time exhaustion. It gets easier.
Ryan Elkins@ryanelkins·
@adrien_jeanneau It should be fixed now. Thanks again for the heads up! A weird react routing issue.
Ryan Elkins@ryanelkins·
@RayRedacted When you posted this, I signed up and was selected in the lottery. I can’t DM you but if you want my slot, let me know. Timeslot details are: From 21/02 11:00 (CET) to 23/02 11:00 (CET)
Ray [REDACTED]@RayRedacted·
Hello friends! The ticket lottery to the Paris 2024 Olympics is now open! There is no cost to enter the lottery, & I am hoping that one of you might get an opportunity to buy tickets to Speed Climbing; I would absolutely love to watch that event live. tickets.paris2024.org/en/
Ryan Elkins@ryanelkins·
☁️ This has always been one of my favorite and most valuable security resources since the original release. The approach is relevant even if you do not use AWS. Great job on the updates and the entire document is worth the time to read and implement!

Anna McAbee@amcabee13
Check out the new AWS Security Incident Response whitepaper! It has been completely re-written from previous versions. For details on the update and a link to the whitepaper, see this blog: aws.amazon.com/blogs/security…
Ryan Elkins@ryanelkins·
@kburakmavzer Let me know if you build something cool with step functions. I have unfinished code using similar approach for automated staging and completion of static analysis/vuln discovery which I think is a gap in this space and something I’d like to see more of.
Ryan Elkins@ryanelkins·
@JackRhysider Already adding a bunch of new podcasts from other shared lists. Thank you for such a great podcast that I always look forward to!
Jack Rhysider 🏴‍☠️@JackRhysider·
Show me your Spotify Wrapped top #5 podcasts you listened to. Maybe we'll discover other good shows to listen to.
Ryan Elkins retweeted
Moxie Marlinspike@moxie·
One unique thing about software as an engineering discipline is that it offers abstractions which allow ppl to start contributing in the field w/o having to understand the whole field. To be great, though, imo understanding what’s under the abstractions is really important: 1/
Ryan Elkins@ryanelkins·
The prompt# zine is always so cool and well-done! Thank you @BHinfoSecurity for such a unique resource! My bear vs bear chase card went straight into the card saver. Now to determine where to send it to have it authenticated and graded🥇!