Bio

Last Modified: Tue, 16 Apr 2019 18:11:15 +0000 ; Created: Wed, 20 Mar 2019 15:37:05 +0000

Rodney Beede is a Cyber Vulnerability Analyst & Penetration Tester for Rackspace.

M.S. in Computer Science

  • University of Colorado at Boulder
  • "A Framework for Benevolent Computer Worms" 2012

Security Work

  • CVE-2019-8346 - XSS in ManageEngine ADSelfService Plus param adscsrf
  • CVE-2019-5615 - Rapid7 insightVM (nexpose) also exposes clear-text password for backups and keystore (chased vendor to add clear-text disclosure, original work for admin-hashes by another)
  • Slack vulnerability (#496095) where any third party add-on can post to announcements-only channel
  • OSCP - March 2019
  • "Unattended, Unlocked, Unprotected Terminals - User Security Training with USB Rubber Ducky" - August 21, 2018
  • "Making App Password Changes Easier" - August 6, 2018
  • BSides San Antonio 2018 - CTF winning team
  • "Cloud API Service Accounts and Managing a Jungle of Credentials" - InnoTech Oklahoma; October 5, 2017
  • "Single Sign-On Watering Hole" vuln. presentation at BSidesOK 2017
  • "Shadow IT In The Cloud" - Oklahoma Retailers InfoSec Forum, 2016
  • "Case Study: Seagate's Amazon AWS Cloud Security" – InnoTech & IWS9, 2016
  • Discovered CVE-2015-8503 XSS in Tenable SecurityCenter; 2016
  • Discovered data disclosure vuln in Google Spreadsheets; 2015
  • "Case Study: Seagate's OpenStack Swift Security" – InnoTech 2015; CSA&IAPP 2014
  • Authored chapter "Object Storage" in the OpenStack Security Guide
  • Discovered CVE-2013-3627: McAfee Agent v4.6 Denial of Service
  • AppSec USA (OWASP) - CTF winning team – 2012 & 2013

Personal website: https://www.rodneybeede.com/