60 minutes: Hack this AWS account

Presented at CactusCon 12 (2024), Feb. 16, 2024, 2 p.m. (60 minutes).

The detections team is hot on your trail, and your access will be cut in 1-hour – what do you do? This talk will lay out the foundations for red teaming an AWS account in an extremely time-boxed manner. We will identify tools and techniques for exfiltrating data, maintaining persistence, and causing noise. The emphasis of this talk will be laying out things that can actually be accomplished in 1-hour. After all, time limits everything. Attendees will walk away from this talk with a functional and prioritized checklist that they can use during red team operations.

Presenters:

• John Poulin - CTO, Cloud Security Partners
  John Poulin is an experienced Application Security Practitioner with over 10 years of experience in software development and security. Over his tenure, John has worked with many Fortune 500 companies and startups alike to perform secure code review, architecture, and design discussions, as well as threat modeling. John has given talks or training at many industry conferences, such as DEF CON, LASCON, DevSecCon, CactusCon, Source, as well as various Ruby and OWASP events about practical Application Security.

Links:

• https://cactuscon-12.sessionize.com/session/556146

Similar Presentations:

• ToorCamp 2016 / The Good the Bad and the Ugly: AWS Account Takeover via IAM Instance Roles
• DerbyCon 3.0 All in the Family (2013) / Seeing red in your future?
• Blue Team Con 2022 / Holistic AWS Cloud Security Design for Organizations