Slides of my talk on using mis-configurations, overtly permissive IAM policies and application security vulnerabilities to get shells in AWS EC2 instances and go beyond the plane of attack. Presented at OWASP Bay Area August 2019 meetup.

The talk covers 3 scenarios that were built using real world cases of penetration testing exercises that led to shell access and access to data beyond the EC2 instances that were compromised.

The presentation contains commands and example output for all the scenarios covered.

3 Scenarios covered are

  • Case 1: Misconfigured bucket to system shells
  • Case 2: SSRF to Shell via IAM Policies
  • Case 3: Client-Side Keys, IAM Policies and a Vulnerable Lambda