Overview
Explore undocumented AWS APIs in this 26-minute conference talk from fwd:cloudsec Europe 2024, where Staff Security Researcher Nick Frichette reveals methodologies for discovering thousands of hidden AWS APIs at scale. Learn about the security implications of these undocumented APIs, including their role in cross-tenant resource manipulation, CloudTrail detection evasion, and privilege escalation vulnerabilities. Gain insights from Frichette's year-long research analyzing undocumented APIs, understand the challenges faced during the investigation, and discover how to use the newly released open-source tool for identifying hidden APIs. Benefit from the expertise of a recognized AWS security specialist known for discovering zero-day vulnerabilities and contributing to Hacking the Cloud, an open-source encyclopedia for cloud security. Access accompanying presentation slides to enhance understanding of the discussed AWS security concepts and methodologies.
Syllabus
Hidden Among the Clouds: A Look at Undocumented AWS APIs ~ Nick Frichette
Taught by
fwd:cloudsec