Rodney Beede
M.S. in Computer Science
- University of Colorado at Boulder
- "A Framework for Benevolent Computer Worms" 2012
Security Work
- BSides Austin 2024 - Instructor for workshop PaaS Cloud Goat
- Def Con 32 - Workshops - Instructor for workshop Hacking Apps on Salesforce - (GitHub Link)
- OWASP San Antonio - July 2024 Chapter Meetup - PaaS Cloud Goat (hacking custom Salesforce apps)
- BSides San Antonio 2024 - Workshop - Salesforce Custom Application Vulnerabilities - (materials on GitHub)
- Black Hat USA - Arsenal - 2023 - Cloud AuthZ Trainer (CAZT)
- BSides San Antonio 2023 - Workshop - Pen-Testing Cloud REST APIs - (materials on GitHub)
- BSides San Antonio 2022 - Workshop - Pen-testing Cloud REST APIs - (materials on GitHub)
- BSides San Antonio 2021 - Presented talk - Common Cloud Vulnerabilities with Walkthroughs
- AWS Certified Security - Specialty certification - May 2021
- CISSP - January 2020
- BSides San Antonio 2020 - Presented talk - Automating Attacks Against Google Home Device Provisioning
- BSides San Antonio 2019 - Presented talk - Real-world attacks against Rackspace. A review of real-world attacks we see every week at Rackspace against us or our customers. Examples include phishing, DDoS amplification, credential brute force attacks, fraud for crypto-mining or spam campaigning. Also some of the vulnerability testing we perform on ourselves (red teaming missions).
- CVE-2019-5630 - Cross-Site Request Forgery (CSRF) vulnerabilities on API endpoints using Flash. Vendor released patch 6.5.69
- CVE-2019-11535 - RE6400 and RE6300 through version 1.2.04.022 allow for remote command execution
- CVE-2019-8346 - XSS in ManageEngine ADSelfService Plus param adscsrf
- CVE-2019-5615 - Rapid7 insightVM (nexpose) also exposes clear-text password for backups and keystore (chased vendor to add clear-text disclosure, original work for admin-hashes by another)
- Slack vulnerability (#496095) where any third-party add-on can post to an announcements-only channel
- OSCP - March 2019
- "Unattended, Unlocked, Unprotected Terminals - User Security Training with USB Rubber Ducky" - August 21, 2018
- "Making App Password Changes Easier" - August 6, 2018
- BSides San Antonio 2018 - CTF winning team
- "Cloud API Service Accounts and Managing a Jungle of Credentials" - InnoTech Oklahoma; October 5, 2017
- "Single Sign-On Watering Hole" vuln. presentation at BSidesOK 2017
- "Shadow IT In The Cloud" - Oklahoma Retailers InfoSec Forum, 2016
- "Case Study: Seagate's Amazon AWS Cloud Security" – InnoTech & IWS9, 2016
- Discovered CVE-2015-8503 XSS in Tenable SecurityCenter; 2016
- Discovered data disclosure vuln in Google Spreadsheets; 2015
- "Case Study: Seagate's OpenStack Swift Security" – InnoTech 2015; CSA&IAPP 2014
- CSA Certificate of Cloud Security Knowledge (CCSK) - 2014
- Authored chapter "Object Storage" in the OpenStack Security Guide
- Discovered CVE-2013-3627: McAfee Agent v4.6 Denial of Service
- AppSec USA (OWASP) - CTF winning team – 2012 & 2013
- Misc Security Blog Posts
Personal website: https://www.rodneybeede.com/