In this talk we will explore vulnerabilities in Amazon Web Services (AWS) products which allowed us to gain access to cloud environments. Traditionally, adversaries have abused misconfigurations and leaked credentials to gain access to AWS workloads. Things like exposed long-lived access keys and exploiting the privileges of virtual machines have allowed adversaries to breach cloud resources. However, these mistakes are on the customer side of the shared responsibility model. In this session, we will cover vulnerabilities in AWS services that have been fixed and that previously allowed us to access cloud resources. We will start with an exploration of how Identity and Access Management (IAM) roles establish trust with AWS services and cover the mechanisms that prevent an adversary from assuming roles in other AWS accounts. We'll then demonstrate a vulnerability that bypassed those protections. We'll cover a real world example of a confused deputy vulnerability we found in AWS AppSync that allowed us to hijack IAM roles in other accounts. Next, we'll highlight potential misconfigurations involving IAM roles leveraging sts:AssumeRoleWithWebIdentity. These misconfigurations could permit unauthorized global access to these roles without the need for authentication, affecting services like Amazon Cognito, GitHub Actions, and more. Finally, we'll cover a vulnerability we found in AWS Amplify that exposed customer IAM roles associated with the service to takeover, allowing anyone the ability to gain a foothold in that victim account. We'll also discuss how security practitioners can secure their environments, even against a zero-day like one we'll demonstrate. Join us to learn how attackers search for and exploit vulnerabilities in AWS services to gain access to cloud environments. By: Nick Frichette | Staff Security Researcher, Datadog Full Abstract and Presentation Materials: https://ift.tt/Pstmazu
source https://www.youtube.com/watch?v=rykpVoAQiSI
-
Axis Security, a company that specializes in private application access, emerged from stealth mode on Tuesday with $17 million in funding....
-
Germany recalled its ambassador to Russia for a week of consultations in Berlin following an alleged hacker attack on Chancellor Olaf Scho...
No comments:
Post a Comment