SANS Live Hack: Common Paths to Breach From 1 Compromised AWS Identity

The greatest risk to data security in the public cloud is its own complexity and scale. Breach tactics remain, on the whole, mundane: bad actors simply take advantage of the labyrinth of identity structures within the public cloud infrastructure. The sheer number of interlocking entities, permissions, roles, and privileges in a modern enterprise cloud presents many opportunities for unintentional paths to data via compromised identities. SANS and AWS experts will walk you through a live data breach.

The best way to visualize this is to actually see it from a hackers perspective – so we’re doing this live in the cloud to show the most common paths to a data breach in AWS. We’re using simple command-line arguments to compromise an identity in a typical s3 bucket and make our way to sensitive data. We’ll go through how bad actors can easily abuse concepts like:

• Privilege escalations
• Trust relationships
• Toxic identity combinations
• Improper separation of duties

Watch this SANS AWS webinar to learn more.