Old Services, New Tricks: Cloud Metadata Abuse by Threat Actors

Presented at CackalackyCon 2 (2023), May 7, 2023, 2 p.m. (60 minutes).

Mandiant has identified exploitation of public-facing web applications by threat actors (UNC2903) to harvest and abuse credentials using Amazon’s Instance Metadata Service (IMDS).

Presenters:

• Nader Zaveri

Links:

• https://www.youtube.com/watch?v=JdPXKmP_w-A

Similar Presentations:

• ToorCon: Seattle 2008 / URI Use and Abuse
• Kernelcon 2023 / Old Services, New Tricks: Cloud Metadata Abuse by Threat Actors
• CircleCityCon 10.0 (2023) Virtual / Old Services, New Tricks: Cloud Metadata Abuse by Threat Actors