Hack in Paris 2019 – Hacking AWS Workshop
Hack In Paris (June 16th to 20th 2019) attendees will discover the realities of hacking, and its consequences for companies. The program includes state of the art IT security, industrial espionage, penetration testing and countermeasures. This year, during the event we decided to carry out the Hacking AWS training.
Hacking AWS Lab (19-20.06.2019), Paweł Rzepa
This workshop shows how tiny misconfigurations in AWS can lead to complete takeover of cloud resources. During the workshop the audience will learn how to detect and exploit the misconfigurations. The workshop consists of 2 parts with hands-on, scenario-based labs. The first part will be about finding and exploiting issues related with AWS S3 service: how to detect company resources in cloud and how to automatically scan them in search of valuable information. The second part will be focused on privilege escalation scenario: from little permissions to administrator in AWS.
More and more companies decide to migrate their services to the Cloud and majority of them choose Amazon Web Services. While DevOps are focused on deploying stable environments, security is not their highest priority. Many of DevOps aren’t aware that little mistakes in configuring AWS can cost you huge amount of money or even kick your company out of the market.
The workshop is focused on 2 the most common misconfigurations in AWS, which are: improper permissions and data leaks. During the first part you’ll practice with tools to detect S3 misconfigurations and you’ll learn how to automatically scan the leaked content in search of keys and passwords using the DumpsterDiver. Then, you’ll learn how to escalate your privileges using the AWS exploitation framework – Pacu.