Comment on AWS intruder pulled off AI-assisted cloud break-in in 8 mins
CallMeAnAI@lemmy.world 2 days ago
Y’all obviously lead with AI and your bad at propaganda.
>The attackers initially gained access by stealing valid test credentials from public Amazon S3 buckets. The credentials belonged to an identity and access management (IAM) user with multiple read and write permissions on AWS Lambda and restricted permissions on AWS Bedrock
Run your shit against tenable once in a while.
REDACTED@infosec.pub 2 days ago
The point of the article is to show that with help of AI, attacks can be executed faster, which means higher success chance for getting more data/damage as you’re essentially running against time.
How long would all this have taken without automation?
CallMeAnAI@lemmy.world 2 days ago
According to you all shorter because AI is simultaneously garbage propping upa bubble, so my sarcastic answer is it’s slower.
That being said I know I could detect and scan, with nessus/snyk/security hub and detect the issue inside of 5 minutes. Probably another half hour to hour for a proper pen tester to send an AWS exploit package at it and own the rest within an hour or two.
How many people do you think catch exploits in the first day or even week or month of a hack? I’ve got some news for you, its only the companies who really need their shit together and have a strong opssec team. They ain’t going deleting buckets. They sit on it for months and years in most post mortem.