AWS CloudQuarry: Digging for secrets in public AMIs

Eduard Agavriloae, Matei Josephs

DEF CON 32 · Day 1 · Main Stage

This talk, "AWS CloudQuarry: Digging for secrets in public AMIs," presented by Eduard Agavriloae and Matei Josephs, describes a widespread security weakness stemming from misconfigured public Amazon Machine Images (AMIs). An **AMI** serves as a template for launching Amazon EC2 instances: essentially a pre-configured snapshot of a virtual machine containing the operating system, applications, and often sensitive data. While AMIs are private by default, the research shows that a significant number are inadvertently made public, exposing their entire contents to anyone with an AWS account.
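A defender's audit for the misconfiguration the talk describes, added here as an example that is not part of the talk or of the CloudQuarry project: the core check works on plain dicts shaped like the EC2 DescribeImages and DescribeImageAttribute (launchPermission) responses, so it runs offline on the constructed sample data below; the boto3 wrapper at the end is an assumption about how you would feed it live data from your own account.

```python
"""Flag AMIs owned by your account whose launch permissions expose them.

Core logic operates on plain dicts in the shape of the EC2 API responses so it
can be tested offline; audit_account_amis() shows the live boto3 variant.
"""
from typing import Callable, Dict, List

# Constructed sample of an EC2 DescribeImages response (Owners=['self']).
SAMPLE_IMAGES: List[Dict] = [
    {"ImageId": "ami-0000000000000aaaa", "Name": "web-prod-2024-01", "Public": True},
    {"ImageId": "ami-0000000000000bbbb", "Name": "build-agent", "Public": False},
    {"ImageId": "ami-0000000000000cccc", "Name": "shared-with-partner", "Public": False},
]

# Constructed DescribeImageAttribute(Attribute='launchPermission') results.
# {"Group": "all"} means anyone with an AWS account can launch the image.
SAMPLE_LAUNCH_PERMS: Dict[str, List[Dict]] = {
    "ami-0000000000000aaaa": [{"Group": "all"}],
    "ami-0000000000000bbbb": [],
    "ami-0000000000000cccc": [{"UserId": "111122223333"}],
}

SHARING_KEYS = ("UserId", "OrganizationArn", "OrganizationalUnitArn")


def classify_exposure(launch_permissions: List[Dict]) -> str:
    """Return 'public', 'shared' or 'private' for a LaunchPermissions list."""
    if any(p.get("Group") == "all" for p in launch_permissions):
        return "public"
    if any(k in p for p in launch_permissions for k in SHARING_KEYS):
        return "shared"
    return "private"


def find_exposed_amis(images: List[Dict], get_launch_perms: Callable[[str], List[Dict]]) -> List[Dict]:
    """Return one finding per AMI that is public, shared, or flagged Public."""
    findings = []
    for img in images:
        exposure = classify_exposure(get_launch_perms(img["ImageId"]))
        # Also report a Public flag that disagrees with the permission list.
        if exposure != "private" or img.get("Public"):
            findings.append({"ImageId": img["ImageId"], "Name": img.get("Name"),
                             "Exposure": exposure, "PublicFlag": bool(img.get("Public"))})
    return findings


def audit_account_amis(region: str = "us-east-1") -> List[Dict]:
    """Live variant (assumes boto3 and credentials); not executed here."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    images = ec2.describe_images(Owners=["self"])["Images"]
    perms = lambda i: ec2.describe_image_attribute(
        ImageId=i, Attribute="launchPermission")["LaunchPermissions"]
    return find_exposed_amis(images, perms)


if __name__ == "__main__":
    for finding in find_exposed_amis(SAMPLE_IMAGES, lambda i: SAMPLE_LAUNCH_PERMS.get(i, [])):
        print(finding)
```

Run per region, since AMIs are regional; a public finding is remediated by removing the `all` group from the image's launch permissions, and the account-level AMI block-public-access setting prevents new public sharing.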

AI review

Agavriloae and Josephs delivered a critical piece of research exposing a prevalent and dangerous blind spot in AWS security: public AMIs containing live credentials. Their 'CloudQuarry' project systematically scanned tens of thousands of AMIs across all regions, uncovering a trove of active AWS access keys. The talk not only details a clever and cost-effective methodology for accessing these images but also frankly highlights the dismal state of responsible disclosure, with most companies failing to respond or remediate. This is not just theoretical; they found and validated live keys…