Texas Cyber Summit II

This talk presents "wedging" as the strategic insertion of one's presence either along or at the end of a workflow.
The purpose being to passively receive data or enable quiet enumeration of systems and operations.

Two examples:
1. In research at UpGuard, it has been noted that many large enterprises with unique cloud storage bucket names will juggle those names. Meaning they will register and deregister bucket names with the cloud operator fairly often, which is assumed to be necessary due to caps on the number of bucket names per account. This introduces risk if a malicious actor is monitoring the buckets and realizes the pattern of on/off name toggling. A malicious actor could register a bucket with one of the unique names as soon as it is dropped, but before it is re-registered and then enable universal read/write access. This could then cause the enterprise to assume they had internally registered the bucket yet again and lead to data being written to the bucket by them (which, of course the malicious third party could then access). Versioning controlled by the third party prevents deletion/overwrite attempts even if noticed.
2. Shady political organizations have a tendency to quickly deregister domain ownership when one of their sites is caught up in a scandal. By registering the domain (after the previous owners attempt to wash their hands of it quickly), a third party can set up a catch-all email address at that domain. Any mails directed to that domain, from previous political conspirators will land in the new domain owner's catch-all inbox. This also enables the ability to receive password-reset emails for any accounts which utilized the domain as an email address when registering.

Aspects covered will be the concept itself, how malicious actors can exploit it, how defenders can prevent it, as well as options in responding to incidents of wedging being utilized against your organization.