/r/netsec - Information Security News & Discussion

Shadow Roles: AWS Defaults Can Open the Door to Service Takeover

TL;DR: We discovered that AWS services like SageMaker, Glue, and EMR generate default IAM roles with overly broad permissions, including full access to all S3 buckets. These default roles can be exploited to escalate privileges, pivot between services, and even take over entire AWS accounts. For example, importing a malicious Hugging Face model into SageMaker can trigger code execution that compromises other AWS services. Similarly, a user with access only to the Glue service could escalate privileges and gain full administrative control. AWS has made fixes and notified users, but many environments remain exposed because these roles still exist, and many open-source projects continue to create similarly risky default roles.

submitted by /u/Pale_Fly_2673

300K+ Prometheus Servers and Exporters Exposed to DoS Attack

TL;DR: In this research, we uncover flaws in the Prometheus ecosystem, including information disclosure, denial-of-service (DoS), and remote code execution risks via RepoJacking of Prometheus exporters. Over 336,000 Prometheus servers and Node Exporters are publicly exposed.

submitted by /u/Pale_Fly_2673

Traceeshark: Deep Linux runtime visibility meets Wireshark

Traceeshark: integrates Linux runtime security monitoring and system tracing with Wireshark, allowing users to load Tracee captures in JSON format into Wireshark for analysis. It enables the examination of system events alongside network packets, offering rich context about processes and containers. Additionally, Traceeshark allows for real-time event capture from Tracee directly within Wireshark, whether on a local machine, a semi-local setup using Docker on Windows/Mac, or remotely via SSH.

submitted by /u/Pale_Fly_2673

We discovered critical vulnerabilities in 6 AWS services

TL;DR: Uncovered Six Critical AWS Vulnerabilities

We uncovered six severe vulnerabilities in AWS services that exploited predictable S3 bucket names. These vulnerabilities allowed attackers to intercept and manipulate service resources, potentially leading to full account takeovers (depending on the service role's permissions):

1. CloudFormation: Allowed attackers to execute remote code and manipulate data, potentially leading to a full account takeover.
2. Glue: Enabled remote code execution and data exfiltration by injecting malicious code into ETL jobs.
3. EMR: Made it possible for attackers to inject malicious code into Jupyter notebooks, leading to RCE/XSS.
4. SageMaker: Data leakage and manipulation, which could alter machine learning model outputs and expose sensitive information.
5. ServiceCatalog: Allowed attackers to inject resources into CloudFormation templates, deploying malicious components or unauthorized admin roles.
6. CodeStar: Facilitated denial of service (DoS) attacks by blocking legitimate service use.

In four out of these six vulnerabilities, attackers needed only the victim's account ID to execute the exploit. This highlights the importance of treating AWS account IDs as confidential information.

Our blog details these vulnerabilities, describing the "Shadow Resource" attack vector and the "Bucket Monopoly" technique. AWS has fixed these vulnerabilities, but similar attack vectors may still exist in open-source projects and other scenarios.

For detailed insights and mitigation strategies, check out our blog.

submitted by /u/Pale_Fly_2673
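The two S3 failure patterns in the Shadow Roles post (a service role allowed to touch every bucket) and the Shadow Resource post (a role that trusts a predictably named bucket without checking who owns it) can both be caught by linting IAM policy documents before a role is created. The following is an added example, not code from either post, from Aqua, or from AWS: it flags Allow statements whose S3 actions cover all buckets, flags S3 Allow statements that carry no `aws:ResourceAccount` / `s3:ResourceAccount` condition, and emits a copy of the policy pinned to a given account ID. The policy documents and the account ID `123456789012` are constructed for the example; the condition keys themselves are real AWS global and S3 condition keys.

```python
"""Lint IAM policy documents for two S3 exposure patterns.

Added example (not from the original posts). Checks:
  1. Allow statements whose Action can reach S3 and whose Resource covers
     every bucket and object - the over-broad default service-role shape.
  2. S3 Allow statements with no aws:ResourceAccount / s3:ResourceAccount
     condition, so the role would also read/write a same-named bucket that
     an attacker pre-created in their own account (Shadow Resource pattern).
"""
import copy
import fnmatch

# Probe ARNs: a Resource glob that matches both covers arbitrary buckets and keys.
_PROBE_BUCKET = "arn:aws:s3:::zz-linter-probe-bucket"
_PROBE_OBJECT = _PROBE_BUCKET + "/zz-linter-probe-key"
# Real AWS condition keys that bind a request to the account owning the resource.
_ACCOUNT_KEYS = {"aws:resourceaccount", "s3:resourceaccount"}

# Constructed: the broad default-role shape (full S3 on every bucket).
DEFAULT_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllBuckets", "Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
        {"Sid": "Logs", "Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "*"},
    ],
}

# Constructed: scoped to a predictable bucket-name pattern but not to its owner.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ServiceBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::service-artifacts-*",
                      "arn:aws:s3:::service-artifacts-*/*"]},
        {"Sid": "Pinned", "Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::other-*/*",
         "Condition": {"StringEquals": {"aws:ResourceAccount": "123456789012"}}},
    ],
}


def _as_list(value):
    """IAM accepts a string or a list in Action/Resource/Statement; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _touches_s3(action_pattern):
    """True if an Action glob can match an S3 action ('*', 's3:*', 's3:Get*', 's*:*')."""
    service_glob = action_pattern.lower().split(":", 1)[0]
    return fnmatch.fnmatchcase("s3", service_glob)


def _covers_all_buckets(resource_pattern):
    """True if a Resource glob matches an arbitrary bucket ARN and object ARN."""
    pat = resource_pattern.lower()
    return fnmatch.fnmatchcase(_PROBE_BUCKET, pat) and fnmatch.fnmatchcase(_PROBE_OBJECT, pat)


def _has_resource_account_condition(statement):
    """Condition keys are case-insensitive; ignore negated operators (StringNotEquals)."""
    for operator, keys in (statement.get("Condition") or {}).items():
        if "not" in operator.lower():
            continue
        if any(key.lower() in _ACCOUNT_KEYS for key in keys):
            return True
    return False


def _s3_allow_statements(policy):
    """Yield (label, statement) for each Allow statement whose Action can reach S3."""
    for index, statement in enumerate(_as_list(policy.get("Statement"))):
        if statement.get("Effect") != "Allow":
            continue
        # An Allow with NotAction grants everything not listed, S3 included,
        # unless S3 itself is excluded.
        if "NotAction" in statement:
            excluded = {a.lower() for a in _as_list(statement["NotAction"])}
            reaches_s3 = not excluded & {"*", "s3:*"}
        else:
            reaches_s3 = any(_touches_s3(a) for a in _as_list(statement.get("Action")))
        if reaches_s3:
            yield statement.get("Sid", f"Statement[{index}]"), statement


def find_broad_s3_statements(policy):
    """Shadow Roles pattern: S3 Allow whose Resource covers every bucket."""
    return [label for label, st in _s3_allow_statements(policy)
            if any(_covers_all_buckets(r) for r in _as_list(st.get("Resource")))]


def find_unpinned_s3_statements(policy):
    """Shadow Resource pattern: S3 Allow with no resource-account pin."""
    return [label for label, st in _s3_allow_statements(policy)
            if not _has_resource_account_condition(st)]


def pin_to_account(policy, account_id):
    """Return a copy in which every unpinned S3 Allow is bound to account_id."""
    pinned = copy.deepcopy(policy)
    for _, statement in _s3_allow_statements(pinned):
        if not _has_resource_account_condition(statement):
            conditions = statement.setdefault("Condition", {})
            conditions.setdefault("StringEquals", {})["aws:ResourceAccount"] = account_id
    return pinned


if __name__ == "__main__":
    for name, policy in (("default-role", DEFAULT_ROLE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, "broad:", find_broad_s3_statements(policy),
              "unpinned:", find_unpinned_s3_statements(policy))
```

Pinning a policy to your own account does not make a predictable bucket name safe on its own: if the service has not yet created the bucket, the attacker can still claim the name, and the pinned role will then be denied rather than hijacked. The check turns a silent takeover into a visible access failure, which is the behaviour you want while you migrate to names the attacker cannot guess.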