Hacking AWS end to end

Presented at Kiwicon X: The Truth is In Here (2016), Nov. 18, 2016, 9:30 a.m. (45 minutes).

All the things are and/or will be on AWS now but the public state of the art AWS hacking techniques are some combination of 1. Search Github for access keys, 2. Start up EC2 instances and mine Bitcoin. That's pretty poor and not at all realistic. The talk will be presented as a guide on how to hack an AWS account start to finish: External reconnaissance and target selection Initial compromise and trust abuse Log disruption Persistence Exploration and exfiltration Privilege escalation and lateral movement Other things (tm)

Presenters:

• Daniel Grzelak
  Daniel is a 100% cyber-free Security Intelligence Manager at Atlassian. He files TPS reports so that his team can fight the good fight, detecting bad guys pwning the clouds. He once opened the AWS web console and is now totally an expert in hacking AWS.

Links:

• https://2016.kiwicon.org/the-con/talks/#e255

Similar Presentations:

• Black Hat USA 2016 / Hardening AWS Environments and Automating Incident Response for AWS Compromises
• THOTCON 0x8 (2017) / Transitioning to AWS in a Hurry Without Getting Owned
• CackalackyCon 2 (2023) / AWS Security Reference Architecture: A Well-Structured Foundation