Advanced Tradecraft for Hacking AWS Environments
Speaker: Mike Felch (@ustayready)
Date/Time: 10/7/2023 3:15PM
Room: Full Sail Live
In the ever-evolving landscape of cloud security, mastering advanced operator tradecraft is important for effectively evaluating the security controls in an AWS environment. This presentation focuses on moving beyond vulnerability scans and reveals advanced pentesting techniques against an AWS organization, encompassing key domains including Identity and Access Management (IAM), Compute, Storage, Evasion, and Escalation.
Exploring IAM internals, the presentation details how skilled operators navigate complex permissions structures, identify privilege escalation opportunities, and exploit misconfigurations that grant unauthorized access to sensitive resources. Turning to compute, it unveils techniques that assess security boundaries, evade detection mechanisms, and exploit serverless resources to maneuver within a compromised VPC.
We will also focus on how the lack of secured data storage can be exploited, unearthing sensitive information and circumventing security controls beyond just S3. Evasion techniques will be illustrated, mirroring how real-world attackers are able to hide in blind spots, all the while gaining access to critical data.
Finally, the presentation will tackle escalation techniques that demonstrate how skilled operators amplify their foothold within AWS environments. Attendees gain insights into escalating privileges, infiltrating critical systems, and pivoting across services to maximize impact. Throughout the presentation, a high-level overview of these advanced techniques will be shared, aimed at equipping security professionals on red teams as well as blue teams.