Hacking AWS IAM: Live Walkthrough


Details
Identity and access management in the cloud remains the most fertile ground for high-value exploitation. So why is it still the least understood part of AWS? For starters, the way RBAC was implemented in the public cloud created a series of unintended consequences (role proliferation, etc.) that confound security. Add to that how confusing the interconnecting IAM policy logic tree is. Then consider that most people try to understand 'identity' in the cloud as something akin to human credentials, when it is far from that. Add it all together, and you have the beautiful mess we're trying to manage today.
Jeff Moncrief has been puzzling through the how and why of cloud IAM for the past few years. He found the best way to learn IAM is to just break it. Join Jeff as he deploys his 'IAM walker' script and shows the holes in a typical AWS environment, moves laterally from a typical EC2 exploit, escalates privileges, steals data, and exfiltrates successfully without detection. Along the way, he'll discuss:
- Why we misunderstand the purpose of IAM in AWS
- Rethinking IAM responsibilities of devs vs. security without breaking workloads
- Different control points in AWS, like implementing service-level security and designating ‘sensitive permissions’