Thursday, January 28 @10 AM PT/1 PM ET

Long-ived AWS access keys persist in modern infrastructure, frequently residing in source code, local development environments, and build artifacts. In this session, Truffle Security’s Joseph Leon and guest cloud security expert Eduard Agavriloae break down the mechanics of an AWS access key leak.

We’ll discuss how attackers locate exposed keys and exploit them to escalate privileges and execute common cloud attacks. We’ll cover the essential triage steps required immediately after a credential leak and discuss the architectural shift to short-lived, identity-based roles to reduce the attack surface