Mining and abusing memcaches
Memcached has achieved a dominant position in the market as a very useful tool for enabling large-scale applications. However its initial design was based on assumptions that no longer hold true for many environments in which memcached is found today. In this talk, we describe techniques for finding, enumerating and exploiting Internet-facing memcached instances with sometimes surprising results from recognizable sites. Along the way, the go-derper tool will be demonstrated and we’ll briefly delve into exploiting Python Pickle.
Marco Slaviero is the lead researcher at Thinkst. Marco has presented research at conferences all over the world on topics ranging from timing attacks to python shellcode. He is rumoured to harbor a personal dislike for figs.