Identifying Cross-Account Attack Paths in AWS Environments at Scale
Cross-account IAM role trust relationships can enable complex and hard to detect attack paths in AWS environments. In large AWS organizations, analysing such paths manually is practically impossible due to many different configurations involved. But what if we could simplify such analysis a bit?
This talk will outline how attackers could exploit AWS IAM role trust relationships and demonstrate how to reveal the routes attackers could take inside your AWS environment.
Aleksi Kallio is a security consultant at WithSecure where he focuses mostly on cloud security. He has several years' experience in helping clients to secure their systems and environments. Aleksi is interested in all things related to security and cloud, and especially the combination of the two.