Exploiting, detecting, and correcting IAM security misconfigurations

Bad Actor

Conclusion

The real-life attack scenarios presented in this article show how an adversary can use IAM security misconfigurations to gain high privileges inside a cloud environment. Such attacks can start with valid credentials found online or obtained by tricking users in a phishing attack, and they can proceed with further privilege escalation to take control of an account.

By leveraging AWS features such as CloudTrail and CloudWatch, among others, it's possible to get alerts when changes are applied in your environment and to trigger automatic responses.

The Author

Stefano Chierici is a security researcher at Sysdig, where his research focuses on defending containerized and cloud environments from attacks ranging from web to kernel. Stefano is a contributor to Falco, an incubation-level Cloud Native Computing Foundation (CNCF) project. He studied cyber security in Italy, and before joining Sysdig, he was a pen tester, a security engineer, and a red team member. In 2019, he obtained the Offensive Security Certified Professional (OSCP) Certification.
