Bleon Proko

USA

Bio

Bleon is an Info-sec passionate about Infrastructure Penetration Testing and Security, including Active Directory, Cloud (AWS, Azure, GCP, Digital Ocean), Hybrid Infrastructures, as well as Defense, Detection and Thread Hunting. He has presented in conferences like BlackHat and BSides on topics related to Cloud Penetration Testing and Security. His research include Nebula, a Cloud Penetration Testing Framework (https://github.com/gl4ssesbo1/Nebula) and other blogs, which you can also find on his blog (blog.pepperclipp.com). He is also the author of the upcoming book “Deep Dive into Clouded Waters: An overview in Digital Ocean’s Pentest and Security” (https://leanpub.com/deep-dive-into-clouded-waters-an-overview-in-digitaloceans-pentest-and-security)

My Talks

Encrypting buckets for compliance and ransom - How Attackers Can Use KMS to Ransomware S3 Buckets

Ransomware is tough. It’s hard on the target, but harder for the attacker. The logistics of downloading, storing, locally encrypting and uploading the data, while not getting caught. So, as everybo...

How to NotCreate NotSecure Policies: A dive into AWS Policies Not* Fields and the insecurities around them

Deny all, allow only what is needed is probably the best way to maintain least privileges. Some vendors, understanding this, provide by default an empty identity, with no privileges. What happens t...