BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Kicking in the Door to the Cloud: Exploiting Cloud P
 rovider\n   Vulnerabilities for Initial Access\n   When: Friday\, Aug 9\, 
 12:30 - 13:15 PDT\n   Where: LVCC West/Floor 1/Hall 1/Track 3 - [1]Map\n\n
    Description:\n\n   In this talk we will explore vulnerabilities in Amaz
 on Web Services\n   (AWS) products which allowed us to gain access to clou
 d environments.\n\n   Traditionally\, adversaries have abused misconfigura
 tions and leaked\n   credentials to gain access to AWS workloads. Things l
 ike exposed\n   long-lived access keys and exploiting the privileges of vi
 rtual\n   machines have allowed adversaries to breach cloud resources. How
 ever\,\n   these mistakes are on the customer side of the shared responsib
 ility\n   model. In this session\, we will cover vulnerabilities in AWS se
 rvices\n   that have been fixed and that previously allowed us to access c
 loud\n   resources.\n\n   We will start with an exploration of how Identit
 y and Access\n   Management (IAM) roles establish trust with AWS services 
 and cover the\n   mechanisms that prevent an adversary from assuming roles
  in other AWS\n   accounts. We'll then demonstrate a vulnerability that 
 bypassed those\n   protections. We'll cover a real-world example of a co
 nfused deputy\n   vulnerability we found in AWS AppSync that allowed us to
  hijack IAM\n   roles in other accounts.\n\n   Next\, we'll highlight pote
 ntial misconfigurations involving IAM roles\n   leveraging sts:AssumeRoleW
 ithWebIdentity. These misconfigurations\n   could permit unauthorized glob
 al access to these roles without the\n   need for authentication\, affecti
 ng services like Amazon Cognito\,\n   GitHub Actions\, and more.\n\n   Fin
 ally\, we'll cover a vulnerability we found in AWS Amplify that\n   expo
 sed customer IAM roles associated with the service to takeover\,\n   allow
 ing anyone the ability to gain a foothold in that victim account.\n   We'll
  also discuss how security practitioners can secure their\n   environme
 nts\, even against a zero-day like one we'll demonstrate.\n\n   Join us 
 to learn how attackers search for and exploit vulnerabilities\n   in AWS s
 ervices to gain access to cloud environments.\n\n     * [2]link\n\n     * 
 [3]link\n\n   SpeakerBio:  Nick Frichette\, Staff Security Researcher at D
 atadog\n\n   Nick Frichette is a Staff Security Researcher at Datadog\, wh
 ere he\n   specializes in offensive AWS security. He is known for finding\
 n   multiple zero-day vulnerabilities in AWS services and regularly\n   pu
 blishing on new attack techniques. In addition to his research\, Nick\n   
 is the creator and primary contributor to Hacking the Cloud\, an open\n   
 source encyclopedia of offensive security capabilities for cloud\n   envir
 onments. He is also a part of the AWS Community Builder Program\,\n   wher
 e he develops content on AWS security.\n\n   '\n\n   1. #LVCCW_Level1_Hall
 1\n   2. https://securitylabs.datadoghq.com/articles/amplified-exposure-ho
 w-aws-flaws-made-amplify-iam-roles-vulnerable-to-takeover/\n   3. https://
 securitylabs.datadoghq.com/articles/appsync-vulnerability-disclosure/\n\n\
 n
DTEND:20240809T201500Z
DTSTART:20240809T193000Z
LOCATION:DC - LVCC West/Floor 1/Hall 1/Track 3
SUMMARY:Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnera
 bilities for Initial Access
END:VEVENT
END:VCALENDAR
