Breaching AWS Accounts Through Shadow Resources

Black Hat USA 2024 · Day 1 · Briefing

This Black Hat USA talk, "Breaching AWS Accounts Through Shadow Resources," presented by Yakir Kadkoda, Michael Katchinskiy, and Ofek Itach from Aqua Security Team Nautilus, examines a critical and often overlooked attack surface within Amazon Web Services: automatically generated "shadow resources." These resources are typically spawned without explicit user intervention and can go unnoticed. The researchers demonstrate how various vulnerabilities involving them can be leveraged to compromise AWS accounts. The most severe of these vulnerabilities allows an attacker to inject an administrative role into a victim's AWS account, granting full control.
