Mining and abusing memcaches

Memcached has achieved a dominant position in the market as a very useful tool for enabling large-scale applications. However its initial design was based on assumptions that no longer hold true for many environments in which memcached is found today. In this talk, we describe techniques for finding, enumerating and exploiting Internet-facing memcached instances with sometimes surprising results from recognizable sites. Along the way, the go-derper tool will be demonstrated and we’ll briefly delve into exploiting Python Pickle.

Learn more about the speaker.