Attacking and Defending Cloud Metadata Services

  • Wednesday, 30 Oct 2019 10:30AM EDT (30 Oct 2019 14:30 UTC)
  • Speaker: Eric Johnson

Attackers have exploited cloud metadata services to gain direct access to an organization's cloud resources. The Capital One breach notification published in July put a spotlight on the metadata service and its weaknesses. Join Eric Johnson for a walkthrough of the publicly available information from the breach. We will demonstrate how the attacker compromised AWS instance metadata credentials, gained access to privileged resources, and exfiltrated data from the account. The conversation then shifts to a post-mortem discussion of the cloud security controls that could have prevented the attack or limited its blast radius.