Inc. Twitter: @riyazwalikar, Blog: https://ibreak.software • Over a decade of experience in breaking web & mobile apps, networks, wireless, cloud and most recently container and Kubernetes • Have led Product Security and Consulting teams at Citrix and PwC SDC in a past life and was the OffSec Lead at Appsecco before moving on to co-founding Kloudle • Have multiple certifications as a result of my learning curve over the years, including CKA, CKAD, OSCP, CREST etc. (also, because they look cool on LinkedIn ☺) • Speaker at multiple cons, co-author, trainer, security evangelist with a short attention span and attracted to all things shiny
IAM policy? • Common examples of a misconfigured or overly permissive policy • Demo of a misconfiguration within a policy that leads to privilege escalation. • Q&A
an object in AWS that, when associated with an identity or resource, defines their permissions. • AWS evaluates these policies when an IAM principal (user or role) makes a request. • Permissions in the policies determine whether the request is allowed or denied.
escalation, we work with the assumption that we have gained access to General Tarkin’s AWS credentials • These credentials appear to be non-privileged. • Our aim is to exploit a mis-configuration with the user’s policy definition and gain access to the employee database for the Death Star
will get, explore what else is available within the AWS account • Attackers tend to focus on data theft/destruction and make an attempt to use resources for their own benefit (like crypto-mining) etc. • Some attackers create a shadow admin account and use this as a backdoor • To hide their traces within AWS, attacker may also remove AWS logs (CloudTrail, flowlogs etc.).
kloudleinc
oracle4engineer
meteatamel
ham0215
koki_nishihara
oleur
ju_hnny5
__allllllllez__
kommy339
foursue
soudai
daikikanemitsu
tahia910
gr2m
addyosmani
destraynor
yeseniaperezcruz
caitiem20
marcelosomers
reverentgeek
tanoku
robhawkes
jakevdp
panda_program
