Overview
Explore a security conference presentation that reveals six critical vulnerabilities discovered in AWS services, focusing on the complex interactions between cloud resources and their potential security implications. Dive into detailed explanations of vulnerabilities ranging from remote code execution to information disclosure and denial of service attacks, all of which were subsequently patched by AWS. Learn about the methodology used to identify these security flaws, including techniques for privilege escalation and mapping service external resources. Gain access to an open-source tool for researching service internal API calls and discover methods to audit accounts for historical vulnerability exposure. Master essential best practices for developers working in complex cloud environments and understand emerging areas of focus for cloud security researchers. The presentation concludes with valuable lessons learned and future research directions in cloud security.
Syllabus
DEF CON 32 - Breaching AWS Through Shadow Resources - Yakir Kadkoda, Michael Katchinskiy, Ofek Itach
Taught by
DEFCONConference