fwd:cloudsec Europe 2025

Source IP Spoofing in Cloud Logs: A Hands-On Look Across AWS, Azure, and GCP
2025-09-16, Main Room

A few years ago, I stumbled across something odd in AWS: by combining VPC endpoints with customizable internal IP ranges, an attacker with stolen credentials could make API calls that show up in the victim’s logs with whatever source IP they wanted. No packet trickery - just using AWS as designed.

Recently, I revisited this idea and tried to pull off the same thing in Azure and GCP. Along the way, I learned a lot, found a bug in cross-tenant issuer validation, and came away with a much clearer picture of how each cloud handles internal control-plane API calls made using identities from other tenants.

In this talk, I’ll walk through:

  • How the technique works in principle: combining within-VPC cloud API access and flexible control over internal IPs.
  • How the ability to use identities from one tenant to call the cloud control plane in another (not cross-tenant resource access!) works differently in each cloud - and how that affects the technique.
  • What this means for real-world abuse potential: in AWS it’s feasible but detectable, in Azure it’s mostly a no-op, and in GCP... 🤦
  • And finally, how to detect it: which log fields to look at, and how to distinguish this behavior from legitimate activity.

If you join, expect a technically detailed walkthrough of what happened when I tried to force-fit the same theoretically portable idea into three clouds with very different architectures - and the lessons learned.

Eliav Livneh is a cybersecurity expert with over twelve years of defensive and offensive security experience. He is a founding researcher at Token, specializing in identity security. Prior to Token, Livneh spent five years in the elite 8200 unit of the Israel Defense Forces' Intelligence Corps, and four years as a founding researcher at Hunters, focusing on AWS threat detection and response. Livneh has a piano cover channel on YouTube, enjoys cycling, and is a geoscience enthusiast.