As organizations shift to cloud-storage platforms such as Elasticsearch and MongoDB to store data, we've also seen a rise in massive data leaks as a result of these databases being mistakenly misconfigured and exposed publicly. If you've ever wondered how researchers discover and report these databases, this talk is for you! In this talk, we'll live-code a system that searches data sources like Shodan to discover public databases, triage them, and report them to their owners. Finally we'll talk about how to set up and configure these databases to prevent data leaks and protect your organization.
Jordan Wright is a lead research engineer on the Duo Labs team at Duo Security. He has experience on both the offensive and defensive side of infosec, and enjoys contributing to open-source software as well as performing security research.