Step by step AWS Cloud Hacking

Tools (716AB) October 9, 2019 1:30 pm - 2:30 pm Feedback     

Bookmark and Share

Andrés Riancho

This talk focuses on real-life exploitation techniques in AWS cloud and the tools used to perform them. We will focus on these steps:

  • Identify a server-side request forgery
  • Gain access to instance meta-data credentials
  • Enumerate IAM permissions
  • Privilege escalation
  • Connecting to internal VPC services via VPN

Multiple tools, such as nimbostratus, enumerate-iam, Pacu and vpc-vpn-pivot will be used during the demos. Join me to learn more about AWS cloud hacking!