Dual Core

Stay Free: Tampering AWS CloudTrail

You have gained access to an AWS account and don’t want to go to prison. The all-seeing eyes of the Blue Team and SOC analysts attempt to monitor your every move via AWS CloudTrail. How can we tamper with the defenders’ capabilities to complete our objectives and remain free?

This talk will present a set of techniques for tampering with the premier telemetry facility in AWS, accompanied by anecdotes of adventures in cloud security. Attendees will learn new tricks for evasion in AWS environments, along with a methodology for evaluating potential evasion techniques. We will focus on perspectives of offense, defense, and engineering.

int eighty (he/him) is a computer crime enthusiast, and the rapper in Dual Core. Occasional memes and hacking content on Twitter and Mastodon as @int0x80.

Core_Dual