This month, we will be joined by hacker-rapper @int0x80 who will be sharing his talk titled “AWS IAM Privilege Escalation Redux”:
You have gained access to an AWS account but lack permissions to complete your objectives. You attempt every privilege escalation path documented online, and none of them work. The objectives now seem impossibly distant; your battery is low and it’s getting dark.
This talk will present a set of IAM privilege escalation paths that I have not seen documented online* accompanied by anecdotes of adventures in cloud security. Attendees will learn new tricks for IAM privilege escalation in AWS along with a methodology for evaluating potential priv esc paths.
* I am not a subject matter expert on using search engines — best effort given.int eighty (he/him) is a computer crime enthusiast, and the rapper in Dual Core. Occasional memes and hacking content on Mastodon and Twitter as @int0x80
As usual, we will be meeting online at https://cafe.cyberia.club/dc612.
Talk starts at 6:12 PM U.S. Central, but feel free to hop in early and chat.