Bleon Proko

Security Engineer

An infosec professional passionate about Infrastructure Penetration Testing and Security, including Active Directory, Cloud (AWS, Azure, GCP), Hybrid Infrastructures, as well as Defense, Detection and Threat Hunting.

14:30 - 15:00

Pallati i Kongreseve (The Palace of Congresses) Main Conference - 22 September

Encrypting buckets for compliance and ransom - How Attackers Can Use KMS to Ransomware S3 Buckets

A successful ransomware attack is the culmination of numerous steps by a determined attacker: gaining initial access to the victim’s environment, identifying sensitive data, exfiltrating sensitive data, encrypting original data, etc.

This talk will outline how an attacker can abuse the principle of Least-Privilege on KMS keys to encrypt the data in the target's buckets, making it inaccessible. This talk will also show how a defender can protect against or detect these attacks, rendering them useless.