Unit 42 researchers Jay Chen, Senior Cloud Vulnerability and Exploit Researcher, Public Cloud Security and Nathaniel “Q” Quist, Senior Threat Researcher, Public Cloud Security host a unique opportunity to delve into the depths of the latest Unit 42 Cloud Threat Report. Participants will learn:
How Unit 42 researchers were able to compromise an entire AWS® environment from a single misconfigured IAM trust policy.
During the Red Team exercise, Unit 42 researchers identified an IAM role used by hundreds of users, which they were able to compromise. This allowed them to achieve administrative access outside of the development area. Once outside of development, the misconfigured IAM role allowed researchers to identify and hijack a legitimate administrator account and establish full administrative control over the entire cloud environment.
Unit 42 researchers will also provide the latest findings on risks stemming from IAM misconfigurations, updates on cloud security trends – looking for clear indications of the overall security posture of cloud infrastructure.