2025-08-05, Florentine F
This presentation delivers a deep (but definitely not boring) dive into the risks of CSP-managed non-human identities (NHIs) across the big three clouds. By asking "What can go wrong?", we'll examine how these machine identities can be exploited and how technique and impact differ from one provider to the next.
How do we keep things fun? Exploits unique to each cloud provider's managed NHIs are used as the framework to highlight the shortcomings of each design and inform our threat model. You'll leave with an understanding of each cloud provider's NHI implementation and what you can do to mitigate the risks posed by the identities that cloud services introduce automatically.
This presentation provides a focused examination of a critical risk area across all three major cloud providers: their implementations of CSP-managed Machine Identities. Specifically, we will delve into AWS Service-Linked Roles, Google-managed Service Agents, and Microsoft First-Party Applications.
Drawing upon my extensive experience in Cloud, Cloud Security, and, at its most niche, Cloud Security Identity, this talk will be structured around specific, known vulnerabilities and potential exploitation vectors inherent in each cloud's implementation of these CSP-managed identities. This will move beyond theoretical risks to highlight concrete issues.
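As an added illustration for the AWS case named above (example code written for this page, not material from the talk, the speaker or Vectra AI): a Python script that inventories AWS Service-Linked Roles from a role list shaped like boto3's iam.list_roles() output and flags any whose trust policy trusts more than the service principal named in its path. The role list is constructed sample data; the AWSServiceRoleForExampleDrift entry and its example.amazonaws.com service are hypothetical, included only so the check has something to report.

```python
"""Inventory AWS service-linked roles (SLRs) and check their trust policies.

An SLR lives under the IAM path /aws-service-role/<service-principal>/ and is
expected to trust only that service principal. Given a role list shaped like
boto3's iam.list_roles()["Roles"], this reports which service introduced each
SLR and flags any SLR whose trust policy trusts anything else.
"""
import json
from urllib.parse import unquote

SLR_PATH_PREFIX = "/aws-service-role/"


def _stmt(principal):
    """Build one Allow sts:AssumeRole statement (used only for the sample data)."""
    return {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}


# Constructed sample in the shape of iam.list_roles()["Roles"]; not real account data.
SAMPLE_ROLES = [
    {"RoleName": "AWSServiceRoleForAutoScaling",
     "Path": "/aws-service-role/autoscaling.amazonaws.com/",
     "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
         _stmt({"Service": "autoscaling.amazonaws.com"})]}},
    {"RoleName": "AWSServiceRoleForSupport",
     "Path": "/aws-service-role/support.amazonaws.com/",
     "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
         _stmt({"Service": ["support.amazonaws.com"]})]}},
    # Hypothetical, not a real AWS service: an SLR whose trust policy also allows
    # an account principal, so the audit has something to flag.
    {"RoleName": "AWSServiceRoleForExampleDrift",
     "Path": "/aws-service-role/example.amazonaws.com/",
     "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
         _stmt({"Service": "example.amazonaws.com"}),
         _stmt({"AWS": "arn:aws:iam::111122223333:root"})]}},
    # Ordinary customer-managed role; not service-linked and so not audited here.
    {"RoleName": "AppServerRole", "Path": "/",
     "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
         _stmt({"Service": "ec2.amazonaws.com"})]}},
]


def is_service_linked(role):
    """True when the role sits under the reserved service-linked path prefix."""
    return role["Path"].startswith(SLR_PATH_PREFIX)


def owning_service(role):
    """Service principal encoded in the SLR path, e.g. autoscaling.amazonaws.com."""
    return role["Path"][len(SLR_PATH_PREFIX):].strip("/")


def trust_principals(policy):
    """Return the set of (kind, value) principals an Allow statement lets assume the role.

    Accepts the document as a dict (what boto3 hands back) or as the URL-encoded
    JSON string the raw IAM API returns.
    """
    if isinstance(policy, str):
        policy = json.loads(unquote(policy))
    found = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # anonymous trust; record it as its own kind
            found.add(("*", "*"))
            continue
        for kind, values in principal.items():
            for value in values if isinstance(values, list) else [values]:
                found.add((kind, value))
    return found


def audit_service_linked_roles(roles):
    """Return (inventory, findings).

    inventory: {service principal: [role names it introduced]}
    findings:  [(role name, reason)] for SLRs whose trust policy trusts anything
               other than the service named in their path.
    """
    inventory, findings = {}, []
    for role in roles:
        if not is_service_linked(role):
            continue
        service = owning_service(role)
        inventory.setdefault(service, []).append(role["RoleName"])
        extra = trust_principals(role["AssumeRolePolicyDocument"]) - {("Service", service)}
        if extra:
            findings.append((role["RoleName"], f"trusts extra principals: {sorted(extra)}"))
    return inventory, findings


if __name__ == "__main__":
    # Against a real account, replace SAMPLE_ROLES with the roles collected by
    # paginating boto3.client("iam").get_paginator("list_roles").
    inventory, findings = audit_service_linked_roles(SAMPLE_ROLES)
    for service, names in sorted(inventory.items()):
        print(f"{service}: {', '.join(names)}")
    for name, reason in findings:
        print(f"FINDING {name}: {reason}")
```

The inventory half is the useful part day to day: it tells you which services have quietly added identities to the account, which is the starting point for the threat model the talk describes. The trust-policy comparison is a cheap drift check layered on top; it says nothing about the permissions policy AWS attaches to each SLR, which is the part you cannot change and must model rather than fix.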
Kat Traxler is the Principal Security Researcher at Vectra AI, focusing on abuse techniques and vulnerabilities in the public cloud. Before her current role, she worked at various stages in the SDLC, performing web application penetration testing and security architecture.
Kat’s research philosophy directs her work to where design flaws and misconfigurations are most probable. This guiding principle leads her research to the intersection of technologies, particularly the convergence of cloud security and application security, and where the OS layer interfaces with higher-level abstractions.
Kat has presented at conferences worldwide on topics such as privilege escalation in GCP and bug-hunting in the cloud. She can be found on the internet as @nightmareJS.