As bandwidth, computing power, and software advancements have improved over the years, we've begun to see larger and larger DDoS attacks against organizations. Often times these attacks employ techniques such as DNS Amplification to take advantage of servers with very large uplinks. This talk explores a similar technique targeting commonly used throughput testing software typically running on very large uplinks. We will explore the process of attacking this software, eventually compromising it and gaining root access. Then we'll explore some of these servers in the real world determining the size of their uplinks and calculating the total available bandwidth at our fingertips all from a $5 VPS. We will finish up the presentation with a live demo exploiting an instance and launching a DoS.
Luke Young is a security researcher from the frozen plains of Minnesota who has spent his last three summers escaping to the much warmer Bay Area as a security intern for various tech companies, most recently as part of the Uber product security team. He presented at DEF CON 23 on the topic of exploiting bitflips in memory and has investigated a variety of well-known products and network protocols resulting in numerous CVE assignments and recognition in security Hall of Fames. He is currently attempting to balance earning his undergraduate degree with maintaining his position as one of the top 10 researchers on Bugcrowd.