Account Jumping Post Infection Persistency & Lateral Movement in AWS

Explore advanced AWS security threats and countermeasures in this Black Hat conference talk. Delve into pre-infection, post-infection, and advanced persistency techniques targeting AWS environments. Learn about "account jumping" for compromising PaaS and IaaS resources, poisoned AMIs, and leveraging S3 and CloudFront for credential theft. Discover how attackers manipulate AWS resources for MITM attacks and hide malicious code using Lambda functions. Examine the risks in hybrid deployments and methods to compromise on-premise datacenters. Gain insights into best practices for protection, including bastion gateways, CASB solutions, AWS audit and HSM capabilities, and isolation approaches. Understand the evolving landscape of AWS-focused APTs and equip yourself with knowledge to safeguard cloud environments.

Introduction
Code Spaces Breach
Hide and Seek
AWS Intro
Infection Phase
Infection Through AWS
Infection Through ThirdParty Services
Survival From Attackers Perspective
Demo
Custom Key
Persistency
New Users
Summary
What can you do