Haziz initially got down to construct an eBPF-based real-time monitoring software for ECS workloads. Whereas doing so, he intercepted communication between the ECS agent and AWS backend as a part of his debugging course of, which is when he seen the undocumented WebSocket channel.
From lowly duties to privileged IAM roles
Because of the default availability of IMDS, any container (with low-level entry) on an EC2-based ECS occasion can learn the occasion function credentials supposed for the ECS agent.
“No container breakout (no hostroot entry) was required – nevertheless IMDS entry was required through intelligent community and system trickery from inside the container’s personal namespace,” Haziz famous, including that accessing IMDS lets any container impersonate an ECS agent. AWS has documentation on how you can forestall or restrict entry to IMDS.
Armed with these occasion function credentials, the attacker can forge communication over the ACS WebSocket. This permits them to intercept or request IAM credentials of different working duties, even when these duties are purported to be remoted by IAM roles. Primarily, the compromised container escalates by masquerading because the orchestrator ECS agent answerable for managing and orchestrating duties.
“The stolen keys (IAM credentials) work precisely like the actual job’s keys,” Haziz mentioned. “AWS CloudTrail will attribute API calls to the sufferer job’s function, so preliminary detection is hard – it seems as if the sufferer job is performing the actions.” This lets attackers be invisible within the logs as a result of AWS thinks the sufferer is doing every little thing.
