Recent Posts
Archives

AI BEA CTO Cybersecurity DefCon32 Devoxx DevoxxBE2023 DevoxxBE2024 DevoxxFR DevoxxGR2025 DevoxxGreece2025 DevoxxPL2022 DevoxxPoland DevoxxUK2024 DevoxxUS2017 Docker Eclipse EJB GWT Hibernate IntelliJ IDEA Java Jetty JMS Jonathan Lalou JSF Kotlin Kubernetes Maven Maven 2 Microservices Mule Mule ESB Oracle OxidizeConf2024 Python recommendation RustLang Security Spring SQL Tomcat tutorial Weblogic Weblogic 10

PostHeaderIcon [DefCon32] AWS CloudQuarry: Digging for Secrets in Public AMIs

Author: Jonathan Lalou | April 30, 2025

Eduard Agavriloae and Matei Josephs, security researchers from KPMG Romania and Syncubes, present a chilling exploration of vulnerabilities in public Amazon Machine Images (AMIs). Their project, scanning 3.1 million AMIs, uncovered exposed AWS access credentials, posing risks of account takeovers. Eduard and Matei share their methodologies and advocate for robust cloud security practices to mitigate these threats.

Uncovering Secrets in Public AMIs

Eduard opens by detailing their CloudQuarry project, which scanned millions of public AMIs using tools like ScoutSuite. They discovered critical findings, such as exposed access keys, that could enable attackers to compromise AWS accounts. Supported by KPMG Romania, Eduard and Matei’s research highlights the pervasive issue of misconfigured cloud resources, a problem they believe will persist due to human error.

Methodologies and Tools

Matei explains their approach, leveraging automated tools to identify public AMIs and extract sensitive data. Their analysis revealed credentials embedded in AMIs, often overlooked by organizations. By responsibly disclosing findings to affected parties, Eduard and Matei avoided exploiting these keys, demonstrating ethical restraint while highlighting the potential for malicious actors to cause widespread damage.

Risks of Account Takeover

The duo delves into the consequences of exposed credentials, which could lead to unauthorized access, data breaches, or ransomware attacks. Their findings, shared with companies expecting only T-shirts in return, underscore the ease of exploiting public AMIs. Eduard emphasizes the adrenaline rush of discovering such vulnerabilities, reflecting the stakes in cloud security.

Strengthening Cloud Security

Concluding, Matei advocates for enhanced configuration reviews and automated monitoring to prevent AMI exposures. Their collaborative approach, inviting community feedback, reinforces the importance of collective vigilance in securing cloud environments. By sharing their tools and lessons, Eduard and Matei empower organizations to fortify their AWS deployments against emerging threats.

Links:

Posted in en-US | Tags: , , , , , , ,

Leave a Reply

(c) 2008 Jonathan Lalou's Blog
All Rights Reserved.

Powered by WordPress and WordPress Theme | Host-euro.