homepage
Open menu
Contact Sales

Attacking and Defending Cloud Metadata Services

  • Wednesday, 30 Oct 2019 10:30AM EDT (30 Oct 2019 14:30 UTC)
  • Speaker: Eric Johnson

Cloud Metadata Services have been exploited by attackers in order to gain direct access to an organization's cloud resources. The Capital One breach notification published in July put a spotlight on the metadata service and its weaknesses. Join Eric Johnson for a walk through of the publicly available information from the breach. We will demonstrate how the attacker compromised AWS instance metadata credentials, gained access to privileged resources, and exfiltrated data from the account. The conversation then shifts to a post mortem discussion about cloud security controls that could have prevented or limited the blast radius of the attack.

Login to Register

Related Content

Blog
CLD_-_Aviata_Cloud_Solo_Flight_Challenge_-_General_-_Workshop_340_x_340.jpg
Cloud Security
Aviata Cloud Solo Flight Challenge
Master cloud security by tackling this free series of workshops.
Cloud_Ace_Final.png
SANS Cloud Security
read more
Blog
N2C_blog_image.png
Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)
A Visual Summary of SANS New2Cyber Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024
370x370-person-placeholder.png
Alison Kim
read more
Blog
Blog: Industrial Control Systems Cyber threats & The Gulf Region (Part 1)
Cybersecurity and IT Essentials
Industrial Control Systems Cyber Threats & The Gulf Region: ICS Blog Series: 1 of 3
Modern Attacks Against Critical InfrastructureThe evolution of targeted attacks against critical infrastructure in recent times sends a clear message to asset owners and operators. In industrial control systems - water management, oil and gas refineries and distribution operations, and power grids,...
DeanParsons_340x340.png
Dean Parsons
read more