Pwning AWS Cloud Services — by Mohammed Aldoub
#IICSG2019 Conference Deep-Tech Track
Day 1 (19 Jun 2019)
@ Breakout Room 1
In this talk, I will talk and demo the many ways to skin and attack multiple essential AWS cloud services, such as attacks against Serverless functions (AWS Lambda) (e.g. Serverless Event Injection), attacks against EC2 instances (even without having access to SSH keys!), methods to backdoor compromised AWS accounts, cloud-wide credential theft, and other attacks.
In the talk, I'll also demo my new tool "barq", the customer AWS post-exploitation tool!