alt Hacker NewsThere are logs for accessing aws resources and if you don't see the access before you revoke it then the data is safe
Replies
zymhan • last Monday at 12:15 AM
Because an attacker would never cover their tracks...
There are logs for accessing aws resources and if you don't see the access before you revoke it then the data is safe
Because an attacker would never cover their tracks...
Unless the attacker used any one of hundreds of other avenues to access the AWS resource.
Are you sure they didn’t get a service account token from some other service then use that to access customer data?
I’ve never seen anyone claim in writing all permutations are exhaustively checked in the audit logs.