Saturday, August 10 • 1:00pm - 2:00pm
Attacking & Defending AWS S3 Bucket

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
In the recent past, we have seen various well-known organizations encountered AWS S3 bucket data leak exposing millions of customer records and confidential corporate information. Hackers enumerate and try to find out publicly accessible S3 buckets because it’s like public share with juicy information. In most of the cases, it was seen that excessive permissions and misconfiguration were the main reasons for data exposure. In the run to get the most benefit of cloud, security considerations are avoided or ignored leaving S3 bucket exposed. Though Organizations are working hard to secure data in the cloud more efforts are required to put in place to make sure people, process and technology work hand in hand to protect data in the cloud. In this talk, the audience will learn to enumerate public S3 buckets, gain access to them through open sources tools. Further, they will be demonstrated to exploit READ, WRITE, READ_ACP, WRITE_ACP or FULL permissions on buckets/objects to download sensitive information or upload unintended content. Following, the AWS security tools, services and features will be recommended to secure and restrict S3 buckets. The emphasis is on customer responsibilities, so that they understand importance of their role in securing S3 and circumvent misconfigurations.


Saturday August 10, 2019 1:00pm - 2:00pm
Acacia D