Introducing Pathfinding.cloud, a library of privilege escalation paths in AWS
securitylabs.datadoghq.com/articles/int...
by @sethsec.bsky.social
I’m excited to share our research on the “whoAMI” attack. We discovered that AWS customers pulling AMI IDs insecurely could accidentally use malicious images instead of the legitimate ones— leading to remote code execution.
securitylabs.datadoghq.com/articles/who...
When I first started reading this I though,t “is this really news, this issue has been around for years…” but then it gets interesting - kudos to the researchers on this one!
The February edition of the Datadog Security Digest is out!
securitylabs.datadoghq.com/newsletters/...
featuring @sethsec.bsky.social, @mccune.org.uk, @karimscloud.bsky.social, @jcfarris.bsky.social, and more
The Datadog Security Digest is a monthly, practitioner-focused newsletter.
Don't miss our February edition going live tomorrow!
securitylabs.datadoghq.com/newsletters/...
The July edition of the Datadog Security Digest is out!
securitylabs.datadoghq.com/newsletters/...
• Cloud image investigator by @sethsec.bsky.social
• Our top picks for Black Hat / DEF CON
• A benchmark for LLM coding accuracy and security
• Malicious Homebrew installation campaign
.. and more
Need to hack thousands of AWS customers? What about on internal AWS systems? Datadog Security Research found that a number of tools, including one published by AWS, are susceptible to name confusion attacks, leading to RCE in vulnerable environments!
securitylabs.datadoghq.com/articles/who...
fwd:cloudsec is around the corner! Don't miss these 3 talks from Datadog researchers Seth Sec, Katie Knowles, Greg Foss, and Anthony Randazzo.
fwdcloudsec.org/conference/n...
@sethsec.bsky.social
@siigil.bsky.social
@gregfoss.com
whoAMI attacks give hackers code execution on Amazon EC2 instances
We discovered a pattern in the way many projects retrieve Amazon Machine Images (AMIs), allowing attackers to publish AMIs with specially crafted names and gain code execution within vulnerable accounts.
securitylabs.datadoghq.com/articles/who...
by @sethsec.bsky.social
This February edition of the Datadog Security Digest dives into the
securitylabs.datadoghq.com
Detailing the discovery and impact of the whoAMI cloud image name confusion attack, which could allow attackers to execute code within AWS accounts due to a vulnerable pattern in AMI retrieval.
This month’s digest covers Hacker Summer Camp prep, a new cloud image investigator, and supply-chain vulnerabilities associated with the Open VSX Registry.
securitylabs.datadoghq.com
Detailing the discovery and impact of the whoAMI cloud image name confusion attack, which could allow attackers to execute code within AWS accounts due to a vulnerable pattern in AMI retrieval.
Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone that publishes an Amazon Machine Image (AMI) with a specific name.
www.bleepingcomputer.com
Detailing the discovery and impact of the whoAMI cloud image name confusion attack, which could allow attackers to execute code within AWS accounts due to a vulnerable pattern in AMI retrieval.
I’m excited to share our research on the “whoAMI” attack. We discovered that AWS customers pulling AMI IDs insecurely could accidentally use malicious images instead of the legitimate ones— leading to remote code execution.
securitylabs.datadoghq.com/articles/who...
Detailing the discovery and impact of the whoAMI cloud image name confusion attack, which could allow attackers to execute code within AWS accounts due to a vulnerable pattern in AMI retrieval.
