Amazon Web Services (AWS) is one of the most popular ways for companies large and small to deploy their software and infrastructure. That popularity makes it a prime target for attackers, but what do attacks in AWS even look like? We’ve all heard of the SSRF to metadata trick, but what else can attackers do? With this talk we’ll dive into the tactics, techniques, and procedures a modern Penetration Testing or Red Team can leverage to exploit cloud infrastructure/applications, and what defenders can do to make this more difficult.