That’s basically what ECScape is all about — a newly discovered vulnerability in Amazon ECS (Elastic Container Service) that’s making serious waves in the security world.
Revealed at Black Hat USA 2025 by researcher Naor Haziz from Sweet Security, ECScape exposes a way for malicious containers to grab IAM credentials from other containers running on the same EC2 instance.
If you’re using ECS the “classic” way — EC2-backed with shared instances — this is a red flag moment.
Press enter or click to view image in full size
Let’s break it down without the jargon overload:
- Imagine two containers running side by side on the same EC2 server.
- One container has low privileges. The other has higher AWS permissions.
- ECScape allows the low-privilege container to steal credentials from its neighbor by abusing an undocumented internal ECS protocol.
- With those stolen credentials, the attacker can move laterally, escalate privileges, or even compromise…