Abusing Short-Term Credentials in AWS

Date Recorded: Tuesday, October 25th, 2022
Duration: 23 min

See how threat actors abuse short-term credentials to persist in your AWS environment. Attackers use hard-to-detect role chaining techniques to keep temporary credentials alive, indefinitely extending the lifetime of their STS credentials. 

Temporary credentials are both ubiquitous and ambiguous, running everywhere in the background of your cloud infrastructure but not easily seen or trackable. This method of authentication is hard to keep tabs on, and tracking attackers becomes a difficult problem to solve. Which is why we have prioritized this webinar to shed light on credential activity through the Uptycs solution and will walk you through the foundations of monitoring, detecting, and remediating anomalous temporary tokens in AWS.

What you will learn: 

  • What is a temporary credential? Differentiate between short and long term credentials, why are these short-term credentials so embedded into our AWS Infrastructure?
  • Learn how temporary credentials are abused and ‘fly under the radar’ for detection
  • See first hand examples of what this abuse looks like to your credentials and environment
  • Understand how to detect the tactics, techniques, and procedures of threat actors for role chaining and abusing short-term access key


Uptycs live presenters

Jeremy Colvin
Jeremy Colvin
Technical Product Marketing Manager
Andre Rall 400 x 400
Andre Rall
Director of Cloud Security

Resources for
the modern defender

Prepare for any challenges that lie ahead by choosing
the right tools today.

See Uptycs in action

Start with our free, no-obligation 35-day trial. Get comfortable with Uptycs using synthetic data, then deploy to a live environment.