Testing Trust Relationships: Breaking Network Boundaries
Michael Gianarakis
Bug Bounty Village @ DEF CON 33 · Day 1 · Bug Bounty Village
In his talk at Bug Bounty Village, Michael Gianarakis, Chief Product Officer at Searchlight and co-founder of Assetnote, presented a critical analysis of modern network access controls, particularly **IP whitelisting**, in the context of cloud and zero-trust architectures. The presentation, co-authored with Jordan, an engineer at Searchlight, highlighted how shifting architectural trends have introduced new complexities and vulnerabilities that often go unnoticed by traditional security scanning methods. Gianarakis argued that the prevalent reliance on broad or poorly configured IP whitelists by organizations, often advised by SaaS vendors, creates significant security gaps that attackers can exploit to bypass network boundaries and access internal resources.
AI review
Competent, practitioner-grade research on a real problem — IP whitelisting is genuinely broken at scale in cloud environments, and the empirical 18M-host scan with ClickHouse analysis gives this more methodological rigor than the typical bug bounty village talk. The Newtower tooling is useful. But the core insight isn't new: cloud-region-based whitelisting as a trust boundary has been discussed for years, and the leap to 'this is fundamentally broken' needs stronger novelty support than a few anonymized RCE references.