2025-06-30, Room 1
Hijacking Privileges in the Cloud: Breaking Role Boundaries in Amazon ECS
Modern cloud environments rely on fine-grained identity and access management (IAM) to enforce security boundaries. But what happens when those boundaries break? In our research, we uncovered a vulnerability in an undocumented Amazon ECS protocol that allows a low-privileged role running on an EC2 instance to hijack the IAM privileges of higher-privileged containers on the same machine.
This talk will explore the technical details of this attack and how it exploits shared infrastructure in containerized environments. In addition, we will provide best practices on avoiding role co-location risks, ensuring that high-privilege tasks are never deployed alongside low-privilege workloads in ways that could allow privilege hijacking.
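The co-location risk the abstract describes can be audited from an ECS task inventory: any EC2 container instance that hosts tasks running under more than one IAM task role is a place where a compromised low-privileged task shares a host with a higher-privileged one. The following is an added example written for this page, not code from the talk or from AWS. The task records, ARNs and the `privileged_roles` set are constructed; in practice the records would be assembled from `ecs:DescribeTasks` (the `containerInstanceArn` of each task and any `overrides.taskRoleArn`) together with `ecs:DescribeTaskDefinition` (`taskRoleArn`), and the privileged-role set would come from the operator's own classification.

```python
"""Audit ECS task placement for IAM task-role co-location on shared EC2 hosts.

Added example, not from the talk or from AWS.  Record fields are an
assumption; see the lead-in for where they come from in a real inventory.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

NO_ROLE = "<no-task-role>"  # label for tasks that run without any IAM task role

ACCOUNT = "123456789012"  # constructed account id


def instance_arn(instance_id: str) -> str:
    return f"arn:aws:ecs:us-east-1:{ACCOUNT}:container-instance/demo/{instance_id}"


def role_arn(name: str) -> str:
    return f"arn:aws:iam::{ACCOUNT}:role/{name}"


@dataclass(frozen=True)
class EcsTask:
    task_arn: str
    container_instance_arn: Optional[str]  # None for Fargate tasks (no shared EC2 host)
    task_role_arn: Optional[str]           # None when the task has no IAM task role


# Constructed sample inventory (hypothetical ARNs, not real resources).
SAMPLE_TASKS: List[EcsTask] = [
    # i-aaa hosts an admin-role task next to a low-privileged task and a roleless task
    EcsTask("task/demo/a1", instance_arn("i-aaa"), role_arn("payments-admin")),
    EcsTask("task/demo/a2", instance_arn("i-aaa"), role_arn("log-shipper")),
    EcsTask("task/demo/a3", instance_arn("i-aaa"), None),
    # i-bbb hosts two tasks that share one role: no privilege boundary crosses the host
    EcsTask("task/demo/b1", instance_arn("i-bbb"), role_arn("log-shipper")),
    EcsTask("task/demo/b2", instance_arn("i-bbb"), role_arn("log-shipper")),
    # Fargate task: no EC2 container instance, so no neighbours to consider here
    EcsTask("task/demo/f1", None, role_arn("payments-admin")),
]


def roles_per_instance(tasks: List[EcsTask]) -> Dict[str, Set[str]]:
    """Map each EC2 container instance to the distinct task roles running on it."""
    by_instance: Dict[str, Set[str]] = defaultdict(set)
    for task in tasks:
        if task.container_instance_arn is None:
            continue  # Fargate: skipped, the risk discussed is EC2 host sharing
        by_instance[task.container_instance_arn].add(task.task_role_arn or NO_ROLE)
    return dict(by_instance)


def find_colocation(tasks: List[EcsTask], privileged_roles: Set[str]) -> List[dict]:
    """Return one finding per instance that mixes task roles.

    Severity is 'high' when one of the operator-designated privileged roles is
    among the mixed roles, 'medium' otherwise (distinct but unprivileged roles
    still share a host).
    """
    findings = []
    for instance, roles in sorted(roles_per_instance(tasks).items()):
        if len(roles) < 2:
            continue  # a single role per host is the target state
        privileged = sorted(roles & privileged_roles)
        neighbours = sorted(roles - privileged_roles)
        findings.append({
            "instance": instance,
            "severity": "high" if privileged else "medium",
            "privileged": privileged,
            "neighbours": neighbours,
        })
    return findings


if __name__ == "__main__":
    for finding in find_colocation(SAMPLE_TASKS, {role_arn("payments-admin")}):
        print(f"[{finding['severity']}] {finding['instance']}")
        print(f"    privileged roles : {finding['privileged']}")
        print(f"    co-located roles : {finding['neighbours']}")
```

Each finding names the host to split: the usual fix is to pin privileged task definitions to their own container instances with ECS task placement constraints (a `memberOf` expression over a custom instance attribute) or to move them to Fargate, so that the audit converges on at most one task role per EC2 host.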
Naor Haziz is a security researcher and low-level developer at Sweet Security with over seven years of experience in vulnerability research, exploit development, and system internals. He holds a degree in Computer Science and previously served as an officer in the IDF Intelligence Corps, leading a team focused on Windows and Linux security. At Sweet Security, he develops the company’s security sensor, designing and implementing high-performance detection capabilities for cloud environments. His work combines low-level development and cloud security research to improve monitoring, threat detection, and defense mechanisms, ensuring robust protection for modern cloud infrastructures against evolving security threats.