401‐Reading 16 - Skalyx866/Notes GitHub Wiki

What were the three commands used for the attack?

The commands that were used for the attack are: get credentials, list buckets, and download files.

What misconfiguration of AWS components allowed the attacker to access sensitive data?

They used a misconfigured web application firewall to access the EC2 services.

What are two of the AWS Governance practices that could have prevented such an attack?

Two of the AWS Governance practices that could have prevented such attacks are: using CloudTrail, CloudWatch, and/or AWS Lambda to review or automate specific tasks in EC2, and not allowing EC2 to have IAM user roles.

Source: Lessons Learned from the Capital One Data Breach (PDF)

Things I would like to know more about

I have always been interested in how someone would be able to attack a cloud service and what that would look like.