Evading Logging in the Cloud Disrupting and Bypassing AWS CloudTrail - Nick Frichette

Abstract: AWS customers rely on CloudTrail for continuous monitoring and detection of security incidents within their cloud environments. However, what if an adversary were able to circumvent this crucial security layer, enabling them to perform stealthy reconnaissance and even altering the environment without leaving a trace?

In this talk I will discuss techniques seen in the wild to disable CloudTrail logging and how security teams can respond to this. In addition, I will cover multiple vulnerabilities that allowed me to …

adversary aws aws cloudtrail bypassing cloud cloud environments cloudtrail continuous continuous monitoring customers detection environment environments incidents logging logging in monitoring nick reconnaissance security trace