Breaking the Isolation - Cross-Account AWS Vulnerabilities

Explore a critical Black Hat conference talk unveiling cross-account vulnerabilities in multiple AWS services. Discover how attackers could manipulate AWS services to perform actions on other clients' resources due to unsafe identity policies. Learn about proven vulnerabilities in AWS Config, Cloudtrail, and Serverless Repository that allowed potential attackers to write and read objects from private S3 buckets. Delve into the root causes of these vulnerabilities and their implications for AWS security. Gain insights from security experts Shir Tamari and Ami Luttwak as they present their findings in this 32-minute session, shedding light on the importance of proper isolation and security measures in cloud environments.