
August 04, 2025
🥖 Palette Cleanser
Welcome back, party people,
Las Vegas is the place to be this week as Black Hat trainings have started, rolling into Black Hat briefings Wednesday and Thursday, followed immediately by Defcon. If you're lucky enough to be there, I highly recommend checking out the Defcon Cloud Village, which once again has some awesome AWS hacking talks. I'll round up all the AWS-related content from both cons once they're over.
The Notorious GCP just dropped its latest Cloud Threat Horizons Report. It shows groups like UNC2165 and UNC4393 deliberately wiping cloud-based backup routines and permissions before launching ransomware, forcing victims to pay unless they’ve built a “Cloud Isolated Recovery Environment” (think AWS Backup vaults in an unrelated account with one-way replication). It also digs into how decoy PDFs turn S3 or Drive into stealth malware CDNs, and how compromised build bots can poison browser extension supply chains. It's a really good read.
And if you want to ruin your day, here’s a nightmare fuel post about AWS allegedly deleting a decade-old account and all its data without warning.
Finally, a quick apology: Recent ASD issues have been missing AWS security announcements. Turns out AWS quietly removed category tags from the What's New blog feed, which broke my automation. No excuses - I’ll get it fixed.
Have feedback about AWS Security Digest? Tell us here. This issue is also available to share online.
📋 Chef's selections
- AWS AgentCore: The Overlooked Privilege Escalation Path in Bedrock’s AI Tooling by Nigel Sood
AWS AgentCore has the concept of code interpreters that let your agents safely execute generated code. You can create a custom code interpreter that runs under an execution role, which gives the execution context access to that role's session credentials. Over-permission that role and the generated code running in the interpreter inherits everything the role can do, and apparently PassRole isn't there to save you.
- Aren't AWS Cloud Investigations the same as On-Prem? - Part 1 (AWS EC2) by Chester Le Bron
Chester argues that while AWS EC2 investigations share on-prem fundamentals, they diverge at “the crossover” where a compromised instance role and AWS APIs accelerate post-compromise actions, often leaving fewer host artifacts and shifting the center of gravity to CloudTrail (management vs. data events) and IAM analysis. He has a full investigation methodology breakdown at the end.
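The crossover Chester describes, as an added worked example that is not code from his post: stdlib Python that triages constructed CloudTrail records, picks out calls made with an EC2 instance role's credentials, splits them into management and data events, and flags any made from an address that is not the instance's own. Every record and the instance-to-IP map are constructed for the example.

```python
"""Triage constructed CloudTrail records for "the crossover": API calls made
with an EC2 instance role's credentials, split into management vs. data
events and checked for use from an address that is not the instance's own.
Added example; the log below is constructed, not real CloudTrail output."""
import json
from collections import Counter

# Constructed CloudTrail log file (only the fields this triage reads).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2025-08-01T10:00:01Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "eventCategory": "Management",
     "sourceIPAddress": "10.0.1.25",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/WebRole/i-0abc123def456789"}},
    {"eventTime": "2025-08-01T10:00:07Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "eventCategory": "Data",
     "sourceIPAddress": "10.0.1.25",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/WebRole/i-0abc123def456789"}},
    {"eventTime": "2025-08-01T10:12:40Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "ListSecrets", "eventCategory": "Management",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/WebRole/i-0abc123def456789"}},
    {"eventTime": "2025-08-01T10:13:02Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "eventCategory": "Data",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/WebRole/i-0abc123def456789"}},
    {"eventTime": "2025-08-01T10:20:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "eventCategory": "Management",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/alice"}},
]})

# Addresses each instance legitimately calls from: its private IP (via VPC
# endpoints) and its public/NAT IP (via public endpoints).  Constructed.
INSTANCE_IPS = {"i-0abc123def456789": {"10.0.1.25", "203.0.113.50"}}


def load_records(raw):
    return json.loads(raw)["Records"]


def instance_session(record):
    """Return (role_name, instance_id) when the caller is an EC2 instance role
    session, else None.  Instance-role credentials from IMDS show up as an
    AssumedRole identity whose session name is the instance ID."""
    ident = record.get("userIdentity", {})
    if ident.get("type") != "AssumedRole":
        return None
    # arn:aws:sts::<account>:assumed-role/<RoleName>/<SessionName>
    arn = ident.get("arn", "")
    if ":assumed-role/" not in arn:
        return None
    role, _, session = arn.split(":assumed-role/", 1)[1].partition("/")
    if not session.startswith("i-"):
        return None
    return role, session


def find_offhost_use(records, instance_ips):
    """Flag instance-role calls whose source IP is not one of the instance's own
    addresses: the classic sign that IMDS credentials were copied off the host.
    Calls an AWS service makes on the role's behalf carry the service's DNS name
    as sourceIPAddress, so those are not treated as off-host."""
    findings = []
    for r in records:
        sess = instance_session(r)
        if sess is None:
            continue
        role, instance_id = sess
        src = r.get("sourceIPAddress", "")
        if src.endswith(".amazonaws.com") or src in instance_ips.get(instance_id, set()):
            continue
        findings.append({"time": r["eventTime"], "instance": instance_id, "role": role,
                         "eventName": r["eventName"],
                         "eventCategory": r.get("eventCategory", "Management"),
                         "sourceIP": src,
                         "reason": "instance role credentials used off-instance"})
    return findings


def event_mix(records):
    """Count management vs. data events per instance so the investigator knows
    whether data-event logging was even enabled for the window under review."""
    mix = Counter()
    for r in records:
        sess = instance_session(r)
        if sess is not None:
            mix[(sess[1], r.get("eventCategory", "Management"))] += 1
    return mix


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    for finding in find_offhost_use(recs, INSTANCE_IPS):
        print(finding)
    print(dict(event_mix(recs)))
```

Both checks assume the time window is bounded and that S3 data-event logging was actually on for the buckets involved; a zero in the Data column is a statement about logging coverage, not evidence that nothing was read.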
- Building an AWS GuardDuty Alert Triage Agent by Dakota Riley
With all these AI security companies pitching agents as detection and response gods, it's worth trying for yourself. Dakota shows how an LLM-powered triage bot built with PydanticAI fetches GuardDuty and CloudTrail data through custom tool functions, formats its verdicts as structured JSON, and posts the results to Discord. In tests ranging from benign sample findings to a Stratus Red Team credential-theft scenario, the agent correctly labels alerts and surfaces key context.
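The structured-verdict step, as an added example that is not Dakota's code: stdlib Python that strictly validates a model's JSON verdict for one GuardDuty finding before it is posted anywhere, then applies a simple policy gate. The field names, allowed values, the gate and every sample model output are assumptions for the example; the real agent is built on PydanticAI and may define its schema differently.

```python
"""Validate an LLM triage verdict before it is posted or acted on.  Added
example in stdlib Python; Dakota's agent uses PydanticAI and its real schema
may differ, so the fields and the policy below are assumptions."""
import json
import re

ALLOWED_VERDICTS = {"benign", "suspicious", "malicious"}
ALLOWED_ACTIONS = {"close", "escalate", "contain"}
REQUIRED_FIELDS = {"finding_id", "verdict", "confidence", "rationale", "recommended_action"}
DISCORD_LIMIT = 2000  # Discord caps message content at 2000 characters
FENCE = "`" * 3       # built this way so the sample does not break this page's own code fence
FENCE_RE = re.compile(r"`{3}(?:json)?\s*(.*?)`{3}", re.S)


class VerdictError(ValueError):
    """Raised when the model's output cannot be trusted as a verdict."""


def extract_json(raw):
    """Models often wrap JSON in ```json fences; take the fenced body if present."""
    m = FENCE_RE.search(raw)
    return (m.group(1) if m else raw).strip()


def parse_verdict(raw, expected_finding_id):
    """Parse and strictly validate a verdict.  Unknown fields, out-of-range
    confidence, free-text enums and a verdict about some *other* finding are
    rejected rather than coerced: a bot that acts on whatever the model emits
    is itself an attack surface."""
    try:
        data = json.loads(extract_json(raw))
    except json.JSONDecodeError as exc:
        raise VerdictError(f"not valid JSON: {exc}") from None
    if not isinstance(data, dict):
        raise VerdictError("verdict must be a JSON object")
    missing, extra = REQUIRED_FIELDS - data.keys(), data.keys() - REQUIRED_FIELDS
    if missing or extra:
        raise VerdictError(f"missing={sorted(missing)} unexpected={sorted(extra)}")
    if data["finding_id"] != expected_finding_id:
        raise VerdictError("verdict refers to a different finding")
    if data["verdict"] not in ALLOWED_VERDICTS:
        raise VerdictError(f"unknown verdict {data['verdict']!r}")
    if data["recommended_action"] not in ALLOWED_ACTIONS:
        raise VerdictError(f"unknown action {data['recommended_action']!r}")
    conf = data["confidence"]
    if isinstance(conf, bool) or not isinstance(conf, (int, float)) or not 0 <= conf <= 1:
        raise VerdictError("confidence must be a number in [0, 1]")
    if not isinstance(data["rationale"], str) or not data["rationale"].strip():
        raise VerdictError("rationale must be non-empty text")
    return data


def rejects(raw, expected_finding_id):
    """True when parse_verdict refuses the output (used to exercise the checks)."""
    try:
        parse_verdict(raw, expected_finding_id)
    except VerdictError:
        return True
    return False


def decide(verdict):
    """Policy gate (assumed): the bot may auto-close only confident benign
    verdicts; everything else is routed to a human."""
    if (verdict["verdict"] == "benign" and verdict["recommended_action"] == "close"
            and verdict["confidence"] >= 0.9):
        return "auto-close"
    return "human-review"


def discord_content(verdict, decision):
    """Build the 'content' string for a Discord webhook post, truncated to the limit."""
    text = (f"**GuardDuty {verdict['finding_id']}**: {verdict['verdict']} "
            f"(confidence {verdict['confidence']:.2f}) -> {decision}\n{verdict['rationale']}")
    return text[:DISCORD_LIMIT]


# Constructed model outputs for one constructed finding ID.
FINDING_ID = "1ab2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"
GOOD_OUTPUT = f"""Here is my assessment:
{FENCE}json
{{"finding_id": "{FINDING_ID}", "verdict": "malicious", "confidence": 0.95,
 "recommended_action": "contain",
 "rationale": "Instance role credentials used from an IP outside AWS."}}
{FENCE}"""
BENIGN_OUTPUT = json.dumps({"finding_id": FINDING_ID, "verdict": "benign", "confidence": 0.97,
                            "recommended_action": "close",
                            "rationale": "Matches the sample-findings generator."})
WRONG_FINDING = json.dumps({"finding_id": "ffffffffffffffffffffffffffffffff", "verdict": "benign",
                            "confidence": 0.99, "recommended_action": "close", "rationale": "x"})
EXTRA_FIELD = json.dumps({"finding_id": FINDING_ID, "verdict": "benign", "confidence": 0.99,
                          "recommended_action": "close", "rationale": "x",
                          "shell_command": "aws iam delete-user --user-name alice"})

if __name__ == "__main__":
    v = parse_verdict(GOOD_OUTPUT, FINDING_ID)
    print(discord_content(v, decide(v)))
```

The strictness is the point: the model reads attacker-influenced strings out of the finding and the CloudTrail records it fetches, so whatever it emits is untrusted input to the bot and should be schema-checked, not coerced, before anything downstream sees it.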
🥗 AWS security blogs
- 📣 Amazon SES introduces tenant isolation with automated reputation policies
- 📣 Amazon S3 Access Points now support tags for Attribute-Based Access Control
- 📣 AWS Network Firewall is now available in the AWS Asia Pacific (Taipei) Region
- 📣 Amazon Cognito is now available in Asia Pacific (Thailand) and Mexico (Central) Regions
- 📣 AWS Control Tower is now available in AWS Asia Pacific (Taipei) Region
- 📣 AWS Direct Connect extends MACsec functionality to supported Partner Interconnects
- 📣 Amazon CloudWatch and Amazon OpenSearch Service launch pre-built dashboard for AWS Network Firewall
- Extend your Active Directory domain to AWS with AWS Managed Microsoft AD (Hybrid Edition) by Tekena Orugbani
- How to manage AI Bots with AWS WAF and enhance security by Kartik Bheemisetty
- Implementing Defense-in-Depth Security for AWS CodeBuild Pipelines by Daniel Begimher
- Secure file sharing solutions in AWS: A security and cost analysis guide: Part 2 by Swapnil Singh
- Secure file sharing solutions in AWS: A security and cost analysis guide, Part 1 by Swapnil Singh
- How to migrate your Amazon EC2 Oracle Transparent Data Encryption database encryption keystore to AWS CloudHSM by Bhushan Bhale
- How to automatically disable users in AWS Managed Microsoft AD based on GuardDuty findings by Tim Kingdon
- Navigating your way into cloud security: Skills, roles, and career trajectories by Monika Vu Minh
🍛 Reddit threads on r/aws
💸 Sponsor shoutout

Meet Pleri: your AI-powered cloud security teammate. She’s not a chatbot. Pleri proactively finds meaningful security work and fixes issues before they become problems.
Learn more about Pleri and see her in action.
🤖 Dessert
Dessert is made by robots, for those that enjoy the industrial content.
🧁 IAM permission changes
🍪 API changes
- ARC
- Amazon Lightsail
- CloudWatch Observability Admin Service
- AWS Parallel Computing Service
- AWS SecurityHub
- Amazon Connect Customer Profiles
- Amazon Elastic Compute Cloud
- AWS EntityResolution
- AWS Glue
- Inspector2
- AWS IoT
- Amazon OpenSearch Service
- Amazon QuickSight
- AWS S3 Control
- Amazon Simple Email Service
- Amazon WorkSpaces Web
- Amazon CloudFront
- Amazon DocumentDB with MongoDB compatibility
- AWS Directory Service
- Amazon Elastic Compute Cloud
- AWS IoT Wireless
- AWS Batch
- AWS Clean Rooms Service
- AWSDeadlineCloud
- Amazon Location Service
- OpenSearch Service Serverless
- AWS Direct Connect
- AWS IoT SiteWise
- Amazon OpenSearch Ingestion
🍹 IAM managed policy changes
☕ CloudFormation resource changes
🎮 Amazon Linux vulnerabilities
📺 AWS security bulletins
- No bulletins this week.
🚬 Security documentation changes
- IAM Documentation Update
- amazonq Documentation Update
- amazonq Documentation Update
- bedrock Documentation Update
- bedrock Documentation Update
- bedrock Documentation Update
- chatbot Documentation Update
- chatbot Documentation Update
- chatbot Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- cli Documentation Update
- connect Documentation Update
- connect Documentation Update
- connect Documentation Update
- eks Documentation Update
- eks Documentation Update
- iot-sitewise Documentation Update
- payment-cryptography Documentation Update
- payment-cryptography Documentation Update
- payment-cryptography Documentation Update
- payment-cryptography Documentation Update
- payment-cryptography Documentation Update
- payment-cryptography Documentation Update
- payment-cryptography Documentation Update
- workspaces Documentation Update