Explore the security challenges and vulnerabilities of migrating to and operating in Amazon Web Services (AWS) in this 47-minute Black Hat conference talk. Delve into the concept of "full stack" vulnerabilities and learn about new security pitfalls that arise when transitioning to the AWS Cloud. Discover unexpected and unintended ways applications and infrastructure may be exposed to attacks due to misunderstandings, ignorance, or malicious actors. Gain insights into assessing AWS applications, mapping interactions between infrastructure and code, and achieving clarity in the Amazon Cloud environment. Learn about topics such as cloud metadata, credential exposure, API access control, and DevOps culture. Understand the importance of proper permissions analysis, change tracking, and utilizing appropriate tools to enhance security in AWS deployments.
Overview
Syllabus
Intro
Cloud is an Operating System
Code of the Operating System
AWS Application
Application Security
Servers
Digital or Virtual
Internet Weather
Guaranteed Failure
Response vs Control
The API
What is my new attack surface
Physical access
Credential exposure
Nuke the entire data center
Traditional controls
API keys
The good news
How to know quickly
Metadata
Cloud Metadata
Wget
Credentials
Unintended Proxy
Prezi
Controlling API Access
Dont Use Your Bill as an ID
Turn on CloudTrail
Excessive Lack of Access Control
DevOps Culture
Tags
EC2 Classic
AWS Buckets
Full Stack Hack
Big Systems
Making Life Easier
Permissions Analysis
Track Change
Other Tools
Questions
Taught by
Black Hat
