In this session we will demonstrate how attackers can abuse a misconfigured web application running on EC2 to gain full control of an entire AWS cloud account. You will be able to understand the chain of events that lead to such a disaster, and gain ideas on how it could be prevented.