Presentation Material
Abstract
Cloud infrastructure security is an oft-neglected topic when businesses invest in securing their web apps. Ensuring that a once-secured environment remains secure is even more challenging. In this presentation, we demonstrate common types of attacks against cloud infrastructure, taking the example of AWS. We show how scarily easy it is to attack misconfigured services such as AWS Security Groups, databases, S3 buckets and Network ACLs. After our demonstration of the exploits, we discuss techniques for automated scanning of various AWS services and resources.
Presented at Security Fest 2022.