Hack in Paris 2019 – Hacking AWS Workshop

Hack In Paris (June 16th to 20th 2019) attendees will discover the realities of hacking and its consequences for companies. The program includes state-of-the-art IT security, industrial espionage, penetration testing and countermeasures. This year, during the event, we decided to carry out the Hacking AWS training.

 

Hacking AWS Lab (19-20.06.2019), Paweł Rzepa

 

This workshop shows how tiny misconfigurations in AWS can lead to a complete takeover of cloud resources. During the workshop the audience will learn how to detect and exploit these misconfigurations. The workshop consists of 2 parts with hands-on, scenario-based labs. The first part is about finding and exploiting issues related to the AWS S3 service: how to detect company resources in the cloud and how to automatically scan them in search of valuable information. The second part focuses on a privilege escalation scenario: from limited permissions to administrator in AWS.

 

More and more companies decide to migrate their services to the cloud, and the majority of them choose Amazon Web Services. While DevOps teams are focused on deploying stable environments, security is not their highest priority. Many DevOps engineers aren’t aware that small mistakes in configuring AWS can cost you a huge amount of money or even kick your company out of the market.

 

The workshop is focused on the 2 most common misconfigurations in AWS: improper permissions and data leaks. During the first part you’ll practice with tools to detect S3 misconfigurations and you’ll learn how to automatically scan the leaked content in search of keys and passwords using DumpsterDiver. Then, you’ll learn how to escalate your privileges using the AWS exploitation framework, Pacu.

 

More details: https://hackinparis.com/workshops/#workshop-2019-hacking-aws-june-19-june-20-pm
