Monday,
August 25, 2025

🥖 Palate Cleanser

Hello my lovelies,

This was a great week for AWS security content. I couldn't even fit it all in, so I cheated and put this wonderful series of Amazon Q bug write-ups and videos by Johann Rehberger here instead of Chef's Selections:

Johann has been doing a "month of AI bugs," publishing an AI vulnerability every day in August.

Have feedback about AWS Security Digest? Tell us here. This issue is also available to share online.

📋 Chef's selections

  • Using AWS Certificate Manager as a covert exfiltration mechanism by Costas Kourmpoglou

    This week in cheeky exfiltration tactics: attackers can turn AWS Certificate Manager into a covert storage service by abusing the import-certificate API and stuffing payloads into the deprecated Netscape "nsComment" X.509 extension. According to Costas, that fits up to 2 MB per certificate (~7.5 GB/year) and goes straight through ACM's public endpoints. CloudTrail records the ImportCertificate call but only notes that the request was too large and drops the payload, so his suggested catch is TLS-breaking proxy inspection. A cheaper preventive control: deny "acm:ImportCertificate" (via SCP or the role's own policy) anywhere a workload has no reason to import certificates, and review the extensions on any certificate that does get imported.

  • Another ECS Privilege Escalation Path by Mohit Gupta, Tom Taylor-MacLean

    Mohit and Tom found a new privilege escalation path that starts from a compromised EC2 instance. With an instance role holding permissions like "ecs:StartTask" and "ecs:RegisterContainerInstance", they were able to self-register the instance into an ECS cluster, start a task on it with the task definition's command overridden, and then query "169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" from inside that container to retrieve the task role's credentials. In their tests, even with "iam:PassRole" tightly scoped, this technique still opened a path to higher privileges, such as reading Secrets Manager. Worth checking: which instance roles in your accounts can call those two ECS actions at all.

  • Evading Detection with Public S3 Buckets and Potential Data Exfiltration in AWS by Jason Kao

    Jason found that AWS Trusted Advisor could be tricked into marking public S3 buckets as "secure" by adding bucket policy statements that deny the read-only calls its check relies on, such as "s3:GetBucketPublicAccessBlock" or "s3:GetBucketAcl". In his testing, the bucket stayed world-readable via "s3:GetObject" while Trusted Advisor still reported green. A bucket policy that denies those calls is itself worth alerting on, since it blinds your own auditing as much as AWS's. He reported the issue in May 2025, and it has since been fixed.

  • Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer by Nick Frichette, Brandon Dossantos

    Simple but effective offensive security research is the best. Attackers could quietly inventory an AWS account by calling "resource-explorer-2:ListResources", which until July 2025 wasn't logged to CloudTrail by default. Because Resource Explorer performs the enumeration under its own service-linked role, the call returned a full inventory without generating the usual noisy "List*" and "Describe*" events across individual services. After their report, AWS reclassified "ListResources" as a management event, closing the blind spot; make sure your CloudTrail-based detections now treat it like any other enumeration call.
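To make the ACM item concrete, here is an added example (not Costas Kourmpoglou's code) that builds an nsComment extension around an arbitrary payload with a tiny hand-rolled DER encoder, and then scans DER for every nsComment value so you can audit what actually got imported. Only the Python standard library is used; no real certificate is generated, the sample is just the [3] EXPLICIT extensions block a certificate would carry, and the 256-byte "oversized" limit is an assumption for the example, not an ACM or X.509 rule. `pem_to_der` accepts the PEM body that `aws acm get-certificate` returns.

```python
"""Build and detect X.509 nsComment extensions carrying arbitrary data.

Added example for the ACM exfiltration item; not the researcher's code.
Standard library only: a minimal DER encoder to construct a sample
extensions block, and a scanner that returns every nsComment value found
in the DER you hand it (for example the certificate from ACM).
"""
import base64

# Netscape nsComment extension, OID 2.16.840.1.113730.1.13, DER-encoded.
NS_COMMENT_OID = bytes.fromhex("6086480186f842010d")


def der_len(n: int) -> bytes:
    """DER definite length: one byte below 128, else 0x80|count + big-endian."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body


def ns_comment_extension(payload: bytes) -> bytes:
    """Extension ::= SEQUENCE { extnID OID, extnValue OCTET STRING }.
    For nsComment the OCTET STRING wraps an IA5String; that is where the
    smuggled bytes go."""
    return tlv(0x30, tlv(0x06, NS_COMMENT_OID) + tlv(0x04, tlv(0x16, payload)))


def read_tlv(buf: bytes, pos: int):
    """Return (tag, body, position after this element) for the TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, header = first, 2
    else:
        count = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + count], "big")
        header = 2 + count
    start = pos + header
    return tag, buf[start:start + length], start + length


def as_ns_comment(seq_body: bytes):
    """If seq_body is the body of an nsComment Extension, return the comment."""
    try:
        tag, oid, pos = read_tlv(seq_body, 0)
        if tag != 0x06 or oid != NS_COMMENT_OID:
            return None
        tag, value, pos = read_tlv(seq_body, pos)
        if tag == 0x01:  # optional 'critical' BOOLEAN precedes extnValue
            tag, value, pos = read_tlv(seq_body, pos)
        if tag != 0x04:
            return None
        inner_tag, comment, _ = read_tlv(value, 0)
        return comment if inner_tag == 0x16 else value
    except IndexError:
        return None


def find_ns_comments(der: bytes) -> list:
    """Walk every constructed DER node and collect all nsComment values."""
    found, pos = [], 0
    while pos < len(der):
        try:
            tag, body, pos = read_tlv(der, pos)
        except IndexError:
            break
        if tag & 0x20:  # constructed: SEQUENCE, SET, [n] EXPLICIT
            comment = as_ns_comment(body) if tag == 0x30 else None
            if comment is not None:
                found.append(comment)
            else:
                found.extend(find_ns_comments(body))
    return found


def oversized_comments(der: bytes, limit: int = 256) -> list:
    """Lengths of nsComment values above `limit` bytes. A legitimate comment
    is a short string such as 'OpenSSL Generated Certificate'; the limit is
    an assumption for this example."""
    return [len(c) for c in find_ns_comments(der) if len(c) > limit]


def pem_to_der(pem: str) -> bytes:
    lines = [l for l in pem.splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(lines))


# Constructed sample: the [3] EXPLICIT extensions block of a certificate with
# basicConstraints, a benign comment, and a 4 KiB base64 blob to smuggle.
BASIC_CONSTRAINTS = tlv(0x30, tlv(0x06, bytes.fromhex("551d13")) + tlv(0x04, tlv(0x30, b"")))
SMUGGLED = base64.b64encode(bytes(range(256)) * 12)  # 4096 ASCII bytes
SAMPLE = tlv(0xA3, tlv(0x30, BASIC_CONSTRAINTS
                          + ns_comment_extension(b"OpenSSL Generated Certificate")
                          + ns_comment_extension(SMUGGLED)))

if __name__ == "__main__":
    for comment in find_ns_comments(SAMPLE):
        print(len(comment), comment[:32])
    print("oversized:", oversized_comments(SAMPLE))
```

Run it against `pem_to_der(...)` of each certificate returned by ACM; a comment of thousands of bytes, or one that decodes as base64, is the signal the write-up describes.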
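For the Trusted Advisor item, an added example (not Jason Kao's code) that takes a bucket policy document, as returned by `aws s3api get-bucket-policy`, and reports the combination he describes: objects readable by everyone plus Deny statements on the read-only calls an auditor makes. The policies below are constructed for the example and the list of audit actions is an assumption; Conditions, NotAction and NotPrincipal are not evaluated, so a conditioned Deny is still reported for review.

```python
"""Flag S3 bucket policies that blind auditors while leaving objects public.

Added example for the Trusted Advisor item; not the researcher's code.
Runs offline on a bucket policy document. Sample policies are constructed.
"""
import fnmatch
import json

# Read-only calls that Trusted Advisor, Access Analyzer and your own tooling
# rely on to judge whether a bucket is public (assumed list for the example).
AUDIT_ACTIONS = (
    "s3:GetBucketPublicAccessBlock",
    "s3:GetBucketAcl",
    "s3:GetBucketPolicy",
    "s3:GetBucketPolicyStatus",
)


def as_list(value):
    return value if isinstance(value, list) else [value]


def principal_is_everyone(principal) -> bool:
    """'*' or {"AWS": "*"} covers anonymous callers and every AWS principal."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return False


def action_matches(patterns, action: str) -> bool:
    """IAM action matching is case-insensitive and supports '*' wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in as_list(patterns))


def denied_audit_actions(policy: dict) -> list:
    """Audit actions blocked by a Deny aimed at everyone. Conditions are
    ignored, so a conditioned Deny (e.g. TLS enforcement on s3:*) shows up
    too and needs a human look."""
    hits = []
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Deny" or not principal_is_everyone(st.get("Principal")):
            continue
        for action in AUDIT_ACTIONS:
            if action_matches(st.get("Action", []), action) and action not in hits:
                hits.append(action)
    return hits


def allows_public_get_object(policy: dict) -> bool:
    for st in as_list(policy.get("Statement", [])):
        if (st.get("Effect") == "Allow"
                and principal_is_everyone(st.get("Principal"))
                and action_matches(st.get("Action", []), "s3:GetObject")):
            return True
    return False


def assess(policy: dict) -> str:
    public = allows_public_get_object(policy)
    blinded = denied_audit_actions(policy)
    if public and blinded:
        return "public-read, audit calls denied"
    if blinded:
        return "audit calls denied"
    if public:
        return "public-read"
    return "ok"


# Constructed sample mirroring the pattern in the write-up (not taken from it).
EVASIVE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Deny", "Principal": {"AWS": "*"},
     "Action": ["s3:GetBucketPublicAccessBlock", "s3:GetBucketAcl"],
     "Resource": "arn:aws:s3:::example-bucket"}
  ]
}""")

# Constructed control case: objects readable by one role only, no Deny.
CLEAN_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/Reader"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}""")

if __name__ == "__main__":
    print(assess(EVASIVE_POLICY), denied_audit_actions(EVASIVE_POLICY))
    print(assess(CLEAN_POLICY))
```

The point of scanning the policy document rather than trusting a dashboard is that the Deny in the evasive policy blocks the dashboard's own read calls; the document itself can't hide.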
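The ECS and Resource Explorer items both come down to spotting one call in CloudTrail, so here is one added detection example serving both (not the researchers' code): it flags "ecs:RegisterContainerInstance" or "ecs:StartTask" made with EC2 instance-profile credentials, the staging steps of the self-registration path, and "resource-explorer-2:ListResources" from any principal outside an inventory allowlist, now that the call lands in CloudTrail as a management event. The records are constructed and trimmed to the fields the logic reads; the account ID, role names and the allowlist are assumptions. The instance-profile test relies on two real CloudTrail traits: `sessionContext.ec2RoleDelivery` is present for instance-profile sessions, and the session name of such a session is the instance ID.

```python
"""CloudTrail detections for ECS self-registration and Resource Explorer
enumeration. Added example for the two write-ups; not their authors' code.
Sample records are constructed; role names and the allowlist are assumed.
"""
import json

ECS_SELF_REGISTRATION = {"RegisterContainerInstance", "StartTask"}

# Principals expected to inventory the account with Resource Explorer (assumed).
EXPECTED_ENUMERATORS = ("arn:aws:sts::123456789012:assumed-role/InventoryRole/",)


def is_instance_role_session(identity: dict) -> bool:
    """EC2 instance-profile credentials appear as an AssumedRole session whose
    sessionContext carries ec2RoleDelivery ('1.0' IMDSv1, '2.0' IMDSv2) and
    whose session name is the instance ID."""
    if "ec2RoleDelivery" in identity.get("sessionContext", {}):
        return True
    session_name = identity.get("arn", "").rsplit("/", 1)[-1]
    return identity.get("type") == "AssumedRole" and session_name.startswith("i-")


def classify(event: dict):
    """Return a finding name for one CloudTrail record, or None."""
    source, name = event.get("eventSource"), event.get("eventName")
    identity = event.get("userIdentity", {})
    if source == "ecs.amazonaws.com" and name in ECS_SELF_REGISTRATION:
        if is_instance_role_session(identity):
            return "ecs-self-registration-from-instance-role"
    if source == "resource-explorer-2.amazonaws.com" and name == "ListResources":
        if not identity.get("arn", "").startswith(EXPECTED_ENUMERATORS):
            return "resource-explorer-enumeration"
    return None


def scan(records) -> list:
    """Run classify over records; return (eventID, finding) pairs."""
    findings = []
    for record in records:
        finding = classify(record)
        if finding:
            findings.append((record.get("eventID"), finding))
    return findings


def load_log(text: str) -> list:
    """Accept a CloudTrail log file ({"Records": [...]}) or JSON lines."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return [json.loads(line) for line in text.splitlines() if line.strip()]
    return doc.get("Records", [doc]) if isinstance(doc, dict) else doc


# Constructed records, trimmed to the fields the detection reads.
SAMPLE_LOG = """
{"eventID": "e1", "eventSource": "ecs.amazonaws.com", "eventName": "RegisterContainerInstance", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/WebServerRole/i-0a1b2c3d4e5f67890", "sessionContext": {"sessionIssuer": {"type": "Role", "userName": "WebServerRole"}, "ec2RoleDelivery": "2.0"}}}
{"eventID": "e2", "eventSource": "ecs.amazonaws.com", "eventName": "StartTask", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/DeployRole/alice", "sessionContext": {"sessionIssuer": {"type": "Role", "userName": "DeployRole"}}}}
{"eventID": "e3", "eventSource": "resource-explorer-2.amazonaws.com", "eventName": "ListResources", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/WebServerRole/i-0a1b2c3d4e5f67890", "sessionContext": {"ec2RoleDelivery": "2.0"}}}
{"eventID": "e4", "eventSource": "resource-explorer-2.amazonaws.com", "eventName": "ListResources", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/InventoryRole/nightly"}}
{"eventID": "e5", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"}}
"""

if __name__ == "__main__":
    for event_id, finding in scan(load_log(SAMPLE_LOG)):
        print(event_id, finding)
```

e2 is the deliberate negative: a human deploy session calling StartTask is routine, so the rule keys on the credential origin rather than the action alone. Expect the Resource Explorer rule to need tuning against whatever inventory tooling you already run.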

Bonus: EKS Hardening: Blocking Pod-Level Access to IMDS

🥗 AWS security blogs

🍛 Reddit threads on r/aws


💸 Sponsor shoutout


Meet Pleri: your AI-powered cloud security teammate. She’s not a chatbot. Pleri proactively finds meaningful security work and fixes issues before they become problems.

Learn more about Pleri and see her in action.


🤖 Dessert

Dessert is made by robots, for those who enjoy the industrial content.

🧁 IAM permission changes

🍪 API changes

🍹 IAM managed policy changes

☕ CloudFormation resource changes

🎮 Amazon Linux vulnerabilities

📺 AWS security bulletins

    No bulletins this week.

🚬 Security documentation changes
