Goal • Obtaining Confidential Information • Customer Information, Employee Information, Company Information, … • AWS: S3, RDS, DynamoDB, EBS, EFS, Secrets Manager, … • Misuse of AWS Resources • Mining, Malware Distribution, DoS Attack, … • AWS: EC2, Lambda, S3, Fargate, … • Negative Business Impact • Suspension of Service, Repair Cost, Impression Manipulation, Stock Prices, … • Initial Objectives • Obtain Credentials for AWS, APIs, etc. 7 Points