Tools Resources
Group-46

AWS SageMaker Jupyter Notebook Instance Takeover

Gafnit Amiga<
By: Gafnit Amiga
Dec 2, 2021

During our research about security in data science tools we decided to look at Amazon SageMaker which is a fully managed machine learning service in AWS. Here is the long and short of our recent discovery. TL; DR We found that an attacker can run any code on a victim’s SageMaker JupyterLab Notebook Instance across accounts. This means that an attacker can access the Notebook Instance metadata…