Route table modification to imitate metadata service
Published Mon, Oct 19th, 2020
An attacker with sufficient privileges in AWS to modify the route table
and some other EC2 privileges, could pretend to be a metadata server and provide
an attacker controlled bootup script to EC2s to move laterally.