Identifying Cross-Account Attack Paths in AWS Environments at Scale

Presented at Disobey 2024, Feb. 17, 2024, 6 p.m. (30 minutes).

Cross-account IAM role trust relationships can enable complex and hard-to-detect attack paths in AWS environments. In large AWS organizations, analysing such paths manually is practically impossible due to the many different configurations involved. But what if we could simplify such analysis a bit? This talk will outline how attackers could exploit AWS IAM role trust relationships and demonstrate how to reveal the routes attackers could take inside your AWS environment.

Presenters:

  • Aleksi Kallio
    Aleksi Kallio is a security consultant at WithSecure where he focuses mostly on cloud security. He has several years' experience in helping clients to secure their systems and environments. Aleksi is interested in all things related to security and cloud, and especially the combination of the two.
