Automating IMDS Protection at Scale in AWS - Metabadger Tool Overview

Discover how to automate IMDS protection at scale in AWS environments with Metabadger in this 33-minute conference talk by Ashish Patel, Product Security Engineer at Salesforce. Learn about the vulnerabilities associated with AWS Instance Metadata Service (IMDS) and how attackers have exploited them in previous breaches. Explore the benefits of upgrading to IMDSv2 and the challenges of implementing it across thousands of EC2 instances without causing downtime. Gain insights into Metabadger, an open-source tool developed by Salesforce, which enables rapid and safe upgrading of EC2 instances to use IMDSv2, preventing SSRF-based theft of EC2 Metadata Credentials. Understand the components of AWS Instance Metadata Service, security and operational recommendations for upgrading to IMDSv2, and automation strategies for simplifying the migration process. Watch a demonstration of Metabadger in action and explore future architecture goals for enhancing AWS compute infrastructure security.

Introduction
What is Metadata
V2 Attack Chain
Why should we use it
Tooling
Discovery
Metabadger
Problem Statement
Metabadger Overview
Future Architecture Goals
Demo