CyberWire Daily

Leaking your AWS API keys, on purpose? [Research Saturday]

Apr 6, 2024

Noah Pack, a SANS Intern, discusses leaking AWS API keys intentionally for research. He shares insights on responses from different automated processes and security services. The aftermath of publicly revealing AWS API keys and the alerts triggered by GitGuardian, AWS, and suspicious IP addresses are highlighted. Implications of accidental leaks and risk mitigation strategies are explored, emphasizing the need for immediate action and key rotation.

26:30

Creator website

Episode guests

Noah Pack

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Accidentally leaking AWS API keys can result in immediate exploitation by threat actors, as demonstrated by Noah Pack's experience with exposing email credentials on GitHub.

Utilizing Canary Tokens can help in detecting unauthorized access, acting as honeypots that notify creators when triggered and providing valuable information to mitigate risks of exposing sensitive information.

Deep dives

Risks of Accidentally Sharing API Keys

Accidentally sharing AWS API keys can lead to immediate exploitation by threat actors. Noah Pack, an intern with the SANS Internet Storm Center, shared his experience when he posted code containing hardcoded email credentials on GitHub. Instantly, his email account was bombarded with login attempts, highlighting the risks of exposing sensitive information.

Introduction

2min

Lessons in Security and Canary Tokens

10min

Enhancing Cybersecurity and Combatting Cybercrime with SpyCloud

2min

Securing AWS API Keys: Lessons Learned

9min

Implications of Accidental AWS API Keys Leak and Risk Mitigation Strategies

2min

Noah Pack, a SANS Internet Storm Center Intern, sits down to discuss research on "What happens when you accidentally leak your AWS API keys?" This research is a guest diary from Noah and shares a project he worked on after seeing an online video of someone who created a python script that emailed colleges asking for free swag to be shipped to him.

The research states "In this article, I will share some research, resources, and real-world data related to leaked AWS API keys." In this research, Noah shares what he learned while implementing his experiment.

The research can be found here:

What happens when you accidentally leak your AWS API keys? [Guest Diary]

Learn more about your ad choices. Visit megaphone.fm/adchoices

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

CyberWire Daily

Leaking your AWS API keys, on purpose? [Research Saturday]

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Risks of Accidentally Sharing API Keys

Canary Tokens for Security Testing

Mitigation Strategies for API Key Exposure

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

CyberWire Daily

Leaking your AWS API keys, on purpose? [Research Saturday]

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Risks of Accidentally Sharing API Keys

Canary Tokens for Security Testing

Mitigation Strategies for API Key Exposure

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights