SANS Live Hack: Common Paths to Breach From 1 Compromised AWS Identity
Dave Shackleford, Analyst, SANS Technology Institute
The greatest risk to data security in the public cloud is its own complexity and scale. Breach tactics remain, on the whole, mundane: bad actors simply take advantage of the labyrinth of identity structures within the public cloud infrastructure. The sheer number of interlocking entities, permissions, roles, and privileges in a modern enterprise cloud presents many opportunities for unintentional paths to data via compromised identities. SANS and AWS experts will walk you through a live data breach.
The best way to visualize this is to actually see it from a hackers perspective – so we’re doing this live in the cloud to show the most common paths to a data breach in AWS. We’re using simple command-line arguments to compromise an identity in a typical s3 bucket and make our way to sensitive data. We’ll go through how bad actors can easily abuse concepts like:
Watch this SANS AWS webinar to learn more.