The AWS ECS Jailbreak: How a Container Stole Admin Keys
Author: VoiceFromTheDark
Uploaded: 2025-12-18
Views: 70
Dive deep into the critical AWS ECS vulnerability presented at Black Hat USA. This is a full documentary breakdown of "ECS-cape – Hijacking IAM Privileges in Amazon ECS" by researcher Naor Haziz of Sweet Security.
🔍 In this video, we explain:
• The technical flaw that lets a low-privileged container steal AWS admin keys.
• The step-by-step attack flow: from IMDS to credential harvesting.
• Why AWS stated this was "not a security concern" and how the documentation was forced to change.
• Practical mitigations you MUST implement to secure your ECS clusters.
This video translates the complex 103-slide presentation into a clear, accessible guide for cloud engineers, security professionals, and anyone curious about cloud security risks.
📚 Research & Original Materials:
All credit for this discovery goes to Naor Haziz and Sweet Security.
• Original Black Hat Briefings Page: https://www.blackhat.com/us-25/briefi...
• Researcher's Blog Post: https://www.sweet.security/blog
• Researcher's Personal Site: https://naorhaziz.com/
• Official Proof-of-Concept (GitHub): https://github.com/naorhaziz/ecscape
• Connect with the Researcher (LinkedIn): / naorhaziz
🛡️ Chapters / Timestamps:
0:00 - The Shocking Vulnerability
1:30 - Understanding ECS, IAM, and the Security Model
5:45 - How the Discovery Was Made
8:20 - The ECScape Attack: A 6-Step Breakdown
15:10 - Live Impact and Stealthy Attribution
18:05 - AWS's Official Response & The Docs Change
20:15 - How to Defend Your Cloud (4 Key Strategies)
23:00 - Final Summary & The Shared Responsibility Model
Video Narration: Suchita Subedi
Research & Original Work: Naor Haziz / Sweet Security
⚠️ Disclaimer: This content is for educational and defensive security purposes only. All information is based on publicly disclosed research from Black Hat USA. Always follow AWS best practices and conduct security testing only in your own environments with proper authorization.
#AWS #EC2 #ECS #CloudSecurity #CyberSecurity #Hacking #BlackHat #PrivilegeEscalation #Documentary #SweetSecurity #Tutorial #AWSECS #Jailbreak
Warm Memories - Emotional Inspiring Piano by Keys of Moon | / keysofmoon
Attribution 4.0 International (CC BY 4.0)
https://creativecommons.org/licenses/...
Music promoted by https://www.chosic.com/free-music/all/