Overview
Explore AWS security vulnerabilities and the techniques used to exploit them in this DEF CON 32 conference talk. The talk covers how IAM role trust relationships with AWS services work and walks through previously disclosed vulnerabilities that enabled unauthorized access to customer cloud resources. It examines a real-world confused deputy vulnerability in AWS AppSync that allowed an attacker to assume IAM roles in other customers' accounts, then looks at misconfigured IAM roles that use sts:AssumeRoleWithWebIdentity: when the trust policy does not constrain which federated identity may assume the role (for example, no condition on the identity pool or repository claims), anyone who can obtain a token from that provider can assume it, which for Amazon Cognito, GitHub Actions, and similar providers means effectively anyone on the Internet. It also presents a vulnerability in AWS Amplify that left customer IAM roles exposed to takeover, and closes with the security practices that protect cloud environments against this class of provider-side issue. The goal is to understand how adversaries find and exploit vulnerabilities in the cloud provider's own services, moving beyond the usual misconfiguration and credential-leak scenarios.
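As an added illustration of the sts:AssumeRoleWithWebIdentity weakness described above (example code written for this listing, not material from the talk or from AWS), the following checker parses IAM role trust policies and flags web-identity statements that do not bind the federated principal to a single caller. The policies below are constructed samples; the choice of cognito-identity.amazonaws.com:aud and token.actions.githubusercontent.com:sub as the minimum scoping keys is this example's assumption, based on the condition keys AWS documents for those providers.

```python
"""Flag sts:AssumeRoleWithWebIdentity trust statements that are not bound to
one federated caller. Constructed example; policies below are made up."""
import json

# Per provider, the condition key that pins the trust to one caller.
# Assumption of this example: without this key the role is assumable by
# any token the provider issues, whoever requested it.
REQUIRED_KEY = {
    # Identity pool ID; :amr alone only states authenticated/unauthenticated.
    "cognito-identity.amazonaws.com": "cognito-identity.amazonaws.com:aud",
    # Repository/ref; :aud is sts.amazonaws.com for every GitHub workflow.
    "token.actions.githubusercontent.com": "token.actions.githubusercontent.com:sub",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _provider_name(federated):
    # OIDC providers are ARNs ending in the issuer host; Cognito is a bare name.
    return federated.rsplit("/", 1)[-1]


def find_unscoped_web_identity(policy):
    """Return (statement index, federated principal, reason) per unscoped statement."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not (
            "sts:AssumeRoleWithWebIdentity" in actions or "sts:*" in actions
        ):
            continue
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        # Merge condition keys across operators (StringEquals, ForAnyValue:StringLike, ...).
        cond = {}
        for block in stmt.get("Condition", {}).values():
            cond.update(block)
        for fed in federated:
            key = REQUIRED_KEY.get(_provider_name(fed))
            if key is None:
                findings.append((idx, fed, "unknown provider, review manually"))
            elif key not in cond:
                findings.append((idx, fed, f"missing {key} condition"))
            elif all(v.strip("*") == "" for v in _as_list(cond[key])):
                findings.append((idx, fed, f"{key} is a bare wildcard"))
    return findings


# Constructed trust policies. Account ID, pool ID and repository are placeholders.
WEAK_COGNITO_TRUST = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "cognito-identity.amazonaws.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "unauthenticated"}}
  }]
}""")

FIXED_COGNITO_TRUST = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "cognito-identity.amazonaws.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
      "StringEquals": {"cognito-identity.amazonaws.com:aud": "us-east-1:11111111-2222-3333-4444-555555555555"},
      "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "unauthenticated"}
    }
  }]
}""")

WEAK_GITHUB_TRUST = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"}}
  }]
}""")

FIXED_GITHUB_TRUST = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
      "StringEquals": {"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"},
      "StringLike": {"token.actions.githubusercontent.com:sub": "repo:example-org/example-repo:ref:refs/heads/main"}
    }
  }]
}""")

if __name__ == "__main__":
    for name, pol in [("weak cognito", WEAK_COGNITO_TRUST), ("fixed cognito", FIXED_COGNITO_TRUST),
                      ("weak github", WEAK_GITHUB_TRUST), ("fixed github", FIXED_GITHUB_TRUST)]:
        print(name, find_unscoped_web_identity(pol) or "ok")
```

The two weak policies are flagged because an amr condition only distinguishes authenticated from unauthenticated Cognito identities, and the GitHub aud value is the same for every repository's workflow token; neither says which identity pool or which repository may assume the role. The fixed versions add the aud (pool ID) and sub (repository and ref) conditions respectively. In a real environment the policies would come from iam:GetRole rather than inline literals.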
Syllabus
DEF CON 32 - Exploiting Cloud Provider Vulnerabilities for Initial Access - Nick Frichette
Taught by
DEFCONConference