Live Hack: Common Paths to Breach from One Compromised AWS Identity

  • Wednesday, 10 Mar 2021 3:30PM EST (10 Mar 2021 20:30 UTC)
  • Speakers: Dave Shackleford, Jeff Moncrief

The greatest risk to data security in the public cloud is its own complexity and scale. Breach tactics remain, on the whole, mundane: bad actors simply take advantage of the labyrinth of identity structures within the public cloud infrastructure. The sheer number of interlocking entities, permissions, roles, and privileges in a modern enterprise cloud presents many opportunities for unintentional paths to data via compromised identities.

The best way to visualize this is to actually see it from a hacker's perspective - so we're doing this live in the cloud to show the most common paths to a data breach in AWS. We're using simple command-line arguments to compromise an identity in a typical S3 bucket and make our way to sensitive data. We'll go through how bad actors can easily abuse concepts like:

  • Privilege escalations
  • Trust relationships
  • Toxic identity combinations
  • Improper separation of duties

Join us!