It's Just a Name, Right - Nathan Eades

Permiso’s p0 labs is privileged to have access to diverse data sets that enable the identification of interesting forms of attack, obfuscation, and anomalies. While cloud service providers like AWS allow for broad naming inputs to identities and resources, this approach can lead to some unforeseen consequences. In this talk, we will explore different scenarios we’ve discovered through our research that highlight how the loose nature of AWS’s naming conventions allows for inputs that can negatively affect detection capabilities and …

access attack aws cloud cloud service cloud service providers data data sets enable forms identification identities inputs labs name obfuscation permiso privileged resources service service providers