Compromising AWS for fun and profit

A presentation at Northern Ireland Developer Conference in in Belfast, UK by Simon Whittaker

We will demonstrate the ease with which a malicious user can escalate privileges and own an AWS account through a very simple IAM mis-configuration. This will include a live demonstration on our own vulnerable AWS account and show a number of tools and methods for testing, compromising and protecting your accounts.