05-16, 10:00–10:30 (US/Eastern), Salle de Bal
There are various Machine Learning/BigData frameworks that have become quite popular in the past year due to the release of ChatGPT. This sudden popularity has caused that the scale for growth in parallel computing comes first and leaves aside the implementation of security mechanisms in some of the frameworks' components. In this talk I will go over the research process that I performed on one of these frameworks in an AWS install, showing how it started as two vulnerabilities in a web dashboard and quickly became privilege escalation in an AWS account.
English
As a senior penetration tester at Bishop Fox, Berenice focuses on application security and cloud penetration testing (AWS). In the past year, Berenice has worked in security research against frameworks in the cloud. Berenice holds many cybersecurity certifications including Offensive Security Certified Professional (OSCP), Off-Sec Web Assessor (OSWA) and Offensive Security Wireless Professional (OSWP).
When she's not finding bugs, Berenice enjoys attending hacking conferences and collecting stickers, pins and token coins.