尼克·弗里谢特_踢开云的门利用云提供商漏洞获得初始访问权限.pdf

1、#BHUSA BlackHatEventsKicking in the Door to the Kicking in the Door to the Cloud:Exploiting Cloud Cloud:Exploiting Cloud Provider Vulnerabilities for Provider Vulnerabilities for Initial AccessInitial AccessNick Frichette#BHUSA BlackHatEvents#BHUSA BlackHatEventsBoringBoring#BHUSA BlackHatEventsLeak

2、ed Access Keys#BHUSA BlackHatEventsLeaked Access KeysExposed S3 Bucket#BHUSA BlackHatEventsLeaked Access KeysExposed S3 BucketExploited EC2 Instance#BHUSA BlackHatEventsWhy is it,when something happens,its always one of you three?Leaked Access KeysExposed S3 BucketExploited EC2 Instance#BHUSA BlackH

3、atEventsBoringBoring#BHUSA BlackHatEventsAWS ServiceAssumeRoleVictim AWS AccountSQS QueueRDS DatabaseIAM RoleS3 Bucket#BHUSA BlackHatEventsIcon source:https:/ AWS ServiceAttacker AWS AccountAssumeRoleVictim AWS AccountSQS QueueRDS DatabaseIAM RoleS3 Bucket#BHUSA BlackHatEventsAWS ServiceAttacker AWS

4、 AccountAssumeRoleVictim AWS AccountProblemSQS QueueRDS DatabaseS3 Bucket#BHUSA BlackHatEventsAWS ServiceAttacker AWS AccountAssumeRoleVictim AWS AccountProblemSQS QueueRDS DatabaseS3 Bucket#BHUSA BlackHatEventsAWS ServiceAttacker AWS Account1.How trust is establishedAssumeRoleVictim AWS AccountProb

5、lemSQS QueueRDS DatabaseS3 Bucket#BHUSA BlackHatEventsVictim AWS AccountAWS ServiceAttacker AWS Account2.Discuss two example vulnerabilities1.How trust is establishedAssumeRoleVictim AWS AccountProblemSQS QueueRDS DatabaseS3 Bucket#BHUSA BlackHatEventsAWS ServiceAttacker AWS Account2.Discuss two exa

6、mple vulnerabilities1.How trust is establishedAssumeRoleVictim AWS AccountProblemSQS QueueRDS DatabaseS3 Bucket3.Prevention options#BHUSA BlackHatEventsHow Trust is Established in AWS#BHUSA BlackHatEventsRole Trust Policies in ActionAWS Lambda ServiceMy AWS AccountMy IAM RoleLambda FunctionAssumeRol