AWS Forensics – How a credential leak led to scanning 1000s of AWS EBS volumes

A Friday wouldn’t be complete without an incident involving our DFIR team. This, however, was no ordinary incident: someone’s AWS credentials had been leaked and accessed from an unfamiliar location. Furthermore, the compromised credentials had access not only to the client’s AWS interface but also to several other accounts.