Hacking AWS - TTPs for the Cloud

Presented at ShellCon 2020 Virtual, Oct. 9, 2020, 5 p.m. (55 minutes).

Amazon Web Services (AWS) is one of the most popular ways for companies large and small to deploy their software and infrastructure. That popularity makes it a prime target for attackers, but what do attacks in AWS even look like? We've all heard of the SSRF to metadata trick, but what else can attackers do? With this talk we'll dive into the tactics, techniques, and procedures a modern Penetration Testing or Red Team can leverage to exploit cloud infrastructure/applications, and what defenders can do to make this more difficult.

Presenters:

• Nick Frichette
  Nick Frichette currently works as the team lead for the Penetration Testing Team at a large financial services company. His primary focus is on web application and AWS with a dash of containerization. In his free time he does vulnerability research, blogs regularly on his , collects certifications, and spends time with his cats.

Links:

• https://2020.shellcon.io/talks/2020/hacking-aws/

Similar Presentations:

• Black Hat USA 2016 / Hardening AWS Environments and Automating Incident Response for AWS Compromises
• AppSec USA 2014 / Bringing a Machete to the Amazon
• Black Hat Europe 2014 / Bringing a Machete to the Amazon