SANS 2021 features 30+ Interactive Courses, Three NetWars Tournaments, Trivia Night, and Bonus Talks. Save $150 thru Tomorrow!


To attend this webcast, login to your SANS Account or create your Account.

Live Hack: Common Paths to Breach from One Compromised AWS Identity

  • Wednesday, March 10, 2021 at 3:30 PM EST (2021-03-10 20:30:00 UTC)
  • Jeff Moncrief, Dave Shackleford


  • Sonrai Security, Inc.

You can now attend the webcast using your mobile device!



The greatest risk to data security in the public cloud is its own complexity and scale. Breach tactics remain, on the whole, mundane: bad actors simply take advantage of the labyrinth of identity structures within the public cloud infrastructure. The sheer number of interlocking entities, permissions, roles, and privileges in a modern enterprise cloud presents many opportunities for unintentional paths to data via compromised identities.

The best way to visualize this is to actually see it from a hackers perspective - so were doing this live in the cloud to show the most common paths to a data breach in AWS. Were using simple command-line arguments to compromise an identity in a typical s3 bucket and make our way to sensitive data. Well go through how bad actors can easily abuse concepts like:

  • Privilege escalations
  • Trust relationships
  • Toxic identity combinations
  • Improper separation of duties

 Join us!

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Jeff Moncrief

A security veteran, Jeff’s been helping enterprises protect data on the Internet and Public Cloud for over 20 years. His specializations include compliance, IaaS/Paas, Kubernetes, network traffic analytics, incident response, and security architecture. Most recently He’s been leading teams at cloud security companies (Tripwire) and Fortune 100 firms (Cisco). Today, Jeff heads up Sonrai Security’s solutions team, helping enterprises secure their cloud with identity & data governance.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.