Old Services, New Tricks: Cloud Metadata Abuse by Threat Actors

Presented at Kernelcon 2023, April 14, 2023, 10:30 a.m. (60 minutes).

This presentation covers how threat actors performed the exploitation and abuse of cloud metadata services, as well as related security hardening guidance on how to detect, remediate, and prevent this type of instance of metadata abuse in an organization’s environment. As part of this presentation, we will walk through a demo of the web application that was abused and show how easy it is to obtain credentials if the organization is using the legacy version of IMDS. Then, we show how performing the remediation techniques mentioned in the presentation, the organization will be able to block such abuse techniques.

Presenters:

• Nader Zaveri - Mandiant, Google
  Nader Zaveri has over 15 years of experience in IT security, infrastructure, and risk management. Nader has lead both investigation and remediation efforts for client’s to understand the storyline of the attack for the most allusive nation-state threat actors and assist in eradicating their access.

Similar Presentations:

• ToorCon: Seattle 2008 / URI Use and Abuse
• CackalackyCon 2 (2023) / Old Services, New Tricks: Cloud Metadata Abuse by Threat Actors
• CircleCityCon 10.0 (2023) Virtual / Old Services, New Tricks: Cloud Metadata Abuse by Threat Actors