Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Watch a 23-minute conference talk exploring how AWS's permissive naming conventions for identities and resources can be exploited for malicious purposes. Dive into research findings from Permiso's p0 labs that reveal various attack scenarios and obfuscation techniques made possible through loose naming requirements. Learn about real-world examples where broad input parameters led to detection challenges and false positives, understand the anatomy of these attacks, and examine specific cases involving AWS managed policy obfuscation and notorious hacking groups. Gain practical insights into reviewing logs effectively, implementing Service Control Policies (SCPs), and balancing machine trust with human oversight to better protect cloud environments from naming-based security threats.
