This talk focuses on real-life exploitation techniques in AWS cloud and the tools used to perform them. We will focus on these steps:
- Identify a server-side request forgery
- Gain access to instance meta-data credentials
- Enumerate IAM permissions
- Privilege escalation
- Connecting to internal VPC services via VPN
Multiple tools, such as nimbostratus, enumerate-iam, Pacu and vpc-vpn-pivot will be used during the demos. Join me to learn more about AWS cloud hacking!