[BSidesCT] Learning from AWS (Customer) Security Incidents

Nov 14, 20

On November 14th, 2020, I gave a 30-minute talk at BSidesCT. The details are recorded here for posterity.

Abstract

In light of the increasing adoption of cloud computing, there has been broad coverage of the compromise of customer environments in the cloud. In both popular and technical literature, however, the focus has been on the most egregious, simplest breaches (i.e., open S3 buckets). Deeper analysis shows a much broader variety of tactics currently exploited by attackers and researchers to compromise cloud environments.

This talk will, with a focus on AWS, discuss over a dozen different public breaches. We’ll walk through the technical details of these attacks, establish the common root causes, look at lessons learned, and establish how you can proactively secure your environment against these real-world risks.

Materials

The slide deck is available on SpeakerDeck.

A recording of the talk is available on YouTube.