PWNING AWS CLOUD SERVICES
In this talk, I will talk and demo the many ways to skin and attack multiple essential AWS cloud services, such as attacks against Serverless functions (AWS Lambda) (e.g. Serverless Event Injection), attacks against EC2 instances (even without having access to SSH keys!), methods to backdoor compromised AWS accounts, cloud-wide credential theft, and other attacks.
In the talk I'll also demo my new tool "barq", the customer AWS post-exploitation tool!