ECS-cape – 劫持 Amazon ECS 中的 IAM 权限.pdf

《ECS-cape – 劫持 Amazon ECS 中的 IAM 权限.pdf》由会员分享，可在线阅读，更多相关《ECS-cape – 劫持 Amazon ECS 中的 IAM 权限.pdf（129页珍藏版）》请在三个皮匠报告上搜索。

1、#BHUSA BlackHatEventsExpanding Privileges in the Cloud:Exploring Security Boundaries in Amazon ECSECScape#BHUSA BlackHatEvents$whoamiNaor HazizIsrael Software DeveloperSecurity ResearcherSweet Security#BHUSA BlackHatEvents04050601AgendaTechnical BackgroundStory TimeECScapeMitigation0203Impact Demo#B

2、HUSA BlackHatEvents33%Of Developers Using Orchestration Technologies rely on Amazon ECSCNCF Annual Survey 2021#BHUSA BlackHatEvents01Technical Background#BHUSA BlackHatEventsWhat is IAM?#BHUSA BlackHatEventsRolePolicy#BHUSA BlackHatEventsAmazonS3FullAccessAmazonEC2FullAccessCloudWatchFullAccess#BHUS

3、A BlackHatEventsRoleAssumeWhat Is Amazon ECS?ECSK8S#BHUSA BlackHatEventsECS ClusterEC2EC2#BHUSA BlackHatEventsEC2#BHUSA BlackHatEventsInstance RoleEC2#BHUSA BlackHatEventsInstance RoleEC2AmazonEC2ContainerServiceforEC2Role#BHUSA BlackHatEventsEC2#BHUSA BlackHatEventsEC2TaskService#BHUSA BlackHatEven

4、tsService#BHUSA BlackHatEventsServiceTask#BHUSA BlackHatEventsServiceTaskTaskTask#BHUSA BlackHatEventsTask#BHUSA BlackHatEventsTaskContainerContainerContainer#BHUSA BlackHatEventsContainerTaskTask RoleTask Execution Role#BHUSA BlackHatEventsTaskTask Execution Role#BHUSA BlackHatEventsTask#BHUSA Blac

5、kHatEventsContainerTaskTask Role#BHUSA BlackHatEventsEC2TaskTaskTaskRole 1Role 2Role 3ECS Launch ModesFargateEC2#BHUSA BlackHatEventsECS Launch ModesEC2#BHUSA BlackHatEvents#BHUSA BlackHatEventsEC2Instance RoleECS Agent#BHUSA BlackHatEventsEC2Instance RoleECS AgentECS Agent#BHUSA BlackHatEventsEC2EC

6、S Agent#BHUSA BlackHatEventsEC2Container Instance02Story Time#BHUSA BlackHatEventsCan you monitor ECS tasks?Sure,lets try#BHUSA BlackHatEvents#BHUSA BlackHatEventsEC2ECS Agent#BHUSA BlackHatEventsEC2ExceptThe ServiceName#BHUSA BlackHatEventsAmazon ECS task metadata endpoint#BHUSA BlackHatEvents#BHUS