Pwning AWS: Exploiting Cloud Misconfigurations

Cloud Village @ DEF CON 33 · Day 1 · Cloud Village

This talk, "Pwning AWS: Exploiting Cloud Misconfigurations," delivered by Bhagwan Bolina and Deepak at Cloud Village, provides an insightful introduction to the world of AWS penetration testing. Geared towards individuals with some AWS experience but limited pentesting exposure, the presentation systematically walks through common misconfigurations within Amazon Web Services (AWS) environments and demonstrates practical methods for their exploitation. The speakers, both passionate about security, showcase how seemingly minor oversights in cloud resource provisioning and identity management can lead to significant security breaches, including full administrative access.

AI review

A competent tutorial dressed up as conference research. Everything here — IAM policy versioning abuse, Lambda env var credential exposure, SSRF to IMDS — is well-documented, widely covered material that was stale before COVID. CloudGoat is a fine training tool, but walking through its canned scenarios doesn't constitute original research.
