Attacking AWS: Beyond Security Groups presented at saintcon 2017

by Scott Pack,

Summary : AWS wasn't built by dummies. The premier public cloud platform comes with dozens of security features and most services are configured securely out of the box. Like most powerful tools however, it is flexible enough for you to really shoot yourself in the foot.
This talk will focus on post-exploitation. There will be a particular emphasis on AWS-native services, including EC2, IAM, S3, DynamoDB, and a few others. We'll walk through how to use your initial foothold to escalate to other services within the account, or perhaps other accounts. We'll also switch to the blue side to explore why these misconfigurations end up getting set in the first place, best practices, and tips for monitoring and auditing your environments.
A new tool for persisting access to AWS access via STS will also be released and demoed.