homepage
Open menu
Contact Sales

Live Hack: Common Paths to Breach from One Compromised AWS Identity

  • Wednesday, 10 Mar 2021 3:30PM EST (10 Mar 2021 20:30 UTC)
  • Speakers: Dave Shackleford, Jeff Moncrief

The greatest risk to data security in the public cloud is its own complexity and scale. Breach tactics remain, on the whole, mundane: bad actors simply take advantage of the labyrinth of identity structures within the public cloud infrastructure. The sheer number of interlocking entities, permissions, roles, and privileges in a modern enterprise cloud presents many opportunities for unintentional paths to data via compromised identities.

The best way to visualize this is to actually see it from a hacker's perspective - so we 're doing this live in the cloud to show the most common paths to a data breach in AWS. We 're using simple command-line arguments to compromise an identity in a typical s3 bucket and make our way to sensitive data. We'll go through how bad actors can easily abuse concepts like:

  • Privilege escalations
  • Trust relationships
  • Toxic identity combinations
  • Improper separation of duties

'Join us!

Login to Register

Sponsor

Sonrai_logo_stacked_purple-black.png

Related Content

Blog
N2C_blog_image.png
Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)
A Visual Summary of SANS New2Cyber Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024
370x370-person-placeholder.png
Alison Kim
read more
Blog
HackFest_blog_image.png
Offensive Operations, Pen Testing, and Red Teaming, Open-Source Intelligence (OSINT), Penetration Testing and Red Teaming
A Visual Summary of SANS HackFest Summit
Check out these graphic recordings created in real-time throughout the event for SANS HackFest Summit 2023
370x370-person-placeholder.png
Alison Kim
read more
Blog
Offensive Operations, Pen Testing, and Red Teaming, Penetration Testing and Red Teaming
SEC670 Prep Quiz Answers
Answers for the SEC670 Prep Quiz. For more details about the course and the quiz, please clickthrough to see the quiz article.
370x370_jonathan-reiter.jpg
Jonathan Reiter
read more