A new ECS security mess—ECScape—lets low-privileged tasks on EC2 act like the ECS agent. That’s bad. Real bad. Why? Because it opens the door to stealing IAM credentials from other ECS tasks sharing the same host.
Here’s the trick: The attacker hits the instance metadata service (IMDS) and fakes a WebSocket handshake with AWS’s control plane. No container breakout needed. Just credentials, gone.
