Account Jumping Post Infection Persistency and Lateral Movement AWS

by Dan Amiga, Dor Knafo
Sept. 14, 2017 1 comment aws

This session will cover several methods of infection including a new concept - "account jumping" for taking over both PaaS (e.g. ElasticBeans) and IaaS (EC2, EC2 Containers) resources, discussing poisoned AMIs, dirty account transfer, as well as leveraging S3 and CloudFront for performing AWS specific credentials thefts that can easily lead to full account access.

Steven Ulm 8 months ago

PaaS and IaaS are very specific resources but very vulnerable and easy to "infect". Another great BlackHat presentation!