Exploiting Cloud Provider Vulnerabilities for Initial Access in AWS

Black Hat via YouTube

Overview

Explore a Black Hat conference talk that delves into critical vulnerabilities within Amazon Web Services (AWS) products that enabled unauthorized access to cloud environments. Learn how IAM roles establish trust with AWS services and discover a vulnerability that bypassed protective mechanisms. Examine a real-world confused deputy vulnerability in AWS AppSync that allowed IAM role hijacking across accounts. Understand potential misconfigurations in IAM roles using sts:AssumeRoleWithWebIdentity that could enable unauthorized global access without authentication, affecting Amazon Cognito, GitHub Actions, and other services. Investigate a vulnerability in AWS Amplify that exposed customer IAM roles to takeover, providing unauthorized access to victim accounts. Gain insights into securing cloud environments against zero-day vulnerabilities and learn how attackers identify and exploit AWS service vulnerabilities for initial access.

Syllabus

Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities for Initial Access

Taught by

Black Hat
