PWNING AWS CLOUD SERVICES

Mohammed Aldoub

In this talk, I will talk and demo the many ways to skin and attack multiple essential AWS cloud services, such as attacks against Serverless functions (AWS Lambda) (e.g. Serverless Event Injection), attacks against EC2 instances (even without having access to SSH keys!), methods to backdoor compromised AWS accounts, cloud-wide credential theft, and other attacks. 

In the talk I'll also demo my new tool "barq", the customer AWS post-exploitation tool!

Infosec in the City. Copyright © 2017-2019
IIC Productions (Pte. Ltd.). All rights reserved.

  • @infoseccity
  • @infosec_city

Contact Us  |  Join Our Mailing List   |  Follow Us :