First public presentation of the Broker Injection concept.
What it’s about
I presented the concept of Broker Injection for the first time and released Enteletaor, a security tool for injecting, extracting and modifying information in brokers and message queues.
This talk covers:
- Vulnerabilities in messaging systems (Redis, RabbitMQ, ZeroMQ)
- Injection techniques in brokers
- Sensitive data exfiltration
- Practical demonstration with Enteletaor
Why it’s relevant
Brokers and messaging systems are at the heart of modern distributed systems. But nobody was talking about their security.
This talk introduced a completely new attack vector that many companies hadn’t even considered.
Impact
- Concept adopted by the security community
- Enteletaor became the reference tool for broker pentesting
- Multiple companies reviewed their messaging architecture after this talk