From Stolen Keys to Root
In this session, Blast Security researchers break down real-world AWS attack paths observed in 2025, starting with stolen API keys and ending in full administrative control. You’ll see how attackers exploit IAM trust relationships, permissive roles, service confusion, and overlooked cloud features to escalate privileges and move laterally — often without triggering meaningful alerts.
More importantly, we’ll show how to stop these attack paths before damage occurs by applying preventive guardrails that reduce blast radius and block escalation at the root. This is not a theoretical talk. It’s a practical, attacker-informed walkthrough of how AWS compromises actually unfold — and how to shut them down.
Why attend
- Understand real AWS attack paths
  - See how attackers chain IAM roles, abuse SaaS tokens, and exploit cloud-native services to move from initial access to root.
- Learn where detection breaks down
  - Why alerts, logs, and post-incident remediation are often too late once credentials are compromised.
- Block escalation before it happens
  - Practical guardrails using AWS SCPs, RCPs, and IAM policies to prevent privilege escalation and lateral movement.
- Reduce blast radius fast
  - How to stop entire classes of attacks by constraining trust, permissions, and service behavior, without breaking production.
- Walk away with actionable policies
  - Concrete AWS policy patterns you can apply immediately to harden your environment.