Guy Binyamin
Cyber Security Specialist, Varonis
Tel Aviv, Israel
Actions
Guy Binyamin is a security specialist with the Varonis forensics team, contributing to DFIR, penetration testing, and attack simulations. He has spent his entire career in cybersecurity, working in both offensive and defensive roles at Comsec Global Consulting and Varonis.
Links
Area of Expertise
Topics
From Code to Cloud: What We Accidently Share on GitHub
Millions of lines of code are publicly published on GitHub every day. Most of this code is never reviewed by anyone other than the author. Sometimes, the author publishes old code without reviewing it, which could be something they wrote for personal use or during their job. These lines of code can occasionally contain passwords and secrets. When searching through a large amount of code, we will almost certainly find these secrets.
Cloud secrets, particularly Azure secrets, are usually accompanied by the tenant ID. Using some Azure magic, we can find any tenant ID by the tenant’s name without authenticating. The tool I created takes advantage of this and uses the GitHub API to search for that tenant ID and extract all associated secrets and credentials.
In this session I will go over the use of the tool as both an offensive tool and defensive one by tracking leaked secrets and credentials.
Playing the Adversary – Testing Cyber Resilience at the Enterprise Scale
Enterprise pen testing and cyber risk assessments are not as simple as scanning for open ports, buckets, and exposed credentials. To properly test an enterprise’s defenses requires putting them under realistic stress and conditions. To do so, your red team needs the right infrastructure, automation, and simulations to reveal vulnerabilities or gaps in resiliency at scale. Join our session to learn automation best practices for cloud-based C2 infrastructure design and deployment, how to create realistic adversary simulations, and see best practices on client-based threat simulations.
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top