MICHAEL NEUMAN
PORTFOLIO
_____________________________________________________________________________________________________________________________________________________________________
EXPOSED CLOUD RESOURCES DISCOVERED
[DATE]
On [DISCOVERY DATE], I found a Microsoft Azure Blob Storage that was publicly exposed and contained sensitive information pertaining to an organization. The organization's [CISO / point of contact] confirmed to me that as of [DATE], the exposure was remediated thanks to my discovery. The following metadata was associated with the bucket pertaining to a [SMALL/MIDSIZE/LARGE] organization in the [INDUSTRY] industry. The organization [rewarded me with a bug bounty compensation/thanked me] for the proper disclosure and additional Digital Forensics information around whether the resource was accessed by any potential malicious actors.
NUMBER OF FILES
[NUMBER OF FILES]
SIZE OF BUCKET
[SIZE OF BUCKET]
FILE LAST MODIFIED DATES
MIN[DATE] - MAX[DATE]
FILE COMPOSITION (based on Extension)
[FILE COMPOSITION]
RECENT CODING PROJECTS / UPDATES
April 3, 2022
I created the following python script the generates multiple useful forensic reports based on output from running various programs including Eric Zimmerman's tool suite and sleuthkit v4.12.
So far, the python script has the following capabilities:
Input /// Forensic image file (.E01,.E02,.EXX...) file
Output /// Timeline report with columns Timestamp (UTC), Hostname, Short Description, Description, Indicator (HASH/IP), Artifact
So far, the tool generates a timeline report based on output from the following additional programs:
AmcacheParser -- https://www.sans.org/tools/amcacheparser/
AppCompatCacheParser -- https://www.sans.org/tools/appcompatcacheparser/
EvtxECmd -- https://www.sans.org/tools/evtxecmd/
JLECmd -- https://www.sans.org/tools/jlecmd/
LECmd -- https://www.sans.org/tools/lecmd/
MFTECmd -- https://www.sans.org/tools/mftecmd/
PECmd -- https://www.sans.org/tools/pecmd/
RBCmd -- https://www.sans.org/tools/rbcmd/
RECmd -- https://www.sans.org/tools/recmd/
SBECmd -- https://www.sans.org/tools/sbecmd/
SQLECmd -- https://github.com/EricZimmerman/SQLECmd
SRUMECmd -- https://github.com/EricZimmerman/Srum
WxTCmd -- https://www.sans.org/tools/wxtcmd/
An example screenshot of output can be seen below:
August 24, 2022
Shaker & Spoon Tops Off Their Cybersecurity Cocktail with the help of IP SLIP
The security research team at IP SLIP (Michael Neuman, "me") worked with company Shaker & Spoon to secure a publicly exposed AWS S3 bucket associated with their organization. Shaker & Spoon is a food and beverage company that provides boxes of all the fixings for cocktails, except the alcohol, but including the drink recipes! The identified bucket contained over 1,600 files and just over 1.97 GB of data. After reporting on the security issue, Shaker & Spoon was quick to work with their IT team to fix the issue. Mike Milyavsky, CEO of Shaker & Spoon spoke with me about additional details and mentioned that their site had a security configuration wherein a link delivered via an authenticated process could be shared with a non authenticated user. Milyavsky confirmed to IP SLIP that as of August 23, 2022, Shaker & Spoon has corrected the process and verified that no credit card or banking information was exposed.
Timeline of public resource discovery and notification
8/11/2022 Public S3 bucket first discovered by IP SLIP research team
8/18/2022 First potentially sensitive file identified containing e-mail addresses. First attempt to contact Shaker & Spoon via hello@shakerandspoon[.]com.
8/22/2022 Second attempt to contact Shaker & Spoon via hello@shakerandspoon[.]com
8/23/2022 Response from Shaker & Spoon CEO confirming issue was resolved and NO SENSITIVE DATA was exposed.
_____________________________________________________________________________________________________________________________________________________________________
ABOUT ME
I am a seasoned professional with cybersecurity analysis and leadership experience. Recognized for demonstrating a natural aptitude for analyzing complex data to produce impactful insights, as well as for developing highly functional code and ensuring alignment between solutions and customer requirements, I have a verifiable history of contributing directly to success throughout my career. As such, I have consistently exceeded performance goals and I am adept at driving continuous improvement. Professional focal points include software development, data analytics, team leadership, reporting, documentation management, incident response, Python, SQL, PostgreSQL, requirements gathering, process improvement, and issue resolution. Delivering superior administration on the latter areas of expertise requires utilization of effective communication skills, analytical skills, as well as technical acumen, strategic planning, project management, and change management to support efficiency and quality.
I was previously a Director of Incident Response with Ankura. Under my leadership, I perform in-depth analysis into incidents and issues to ensure timely resolution. I also provide risk and legal recommendations to senior leadership and stakeholders to enable informed decision-making. In addition, I hold a Master of Science in Computer Science from Northwestern University.
Colleagues describe me as a progressive, driven, down-to-earth, technical and analytical expert who can be relied on to offer superior solutions that deliver impactful results.