Amazon Elastic Container Service (ECS) is a popular container orchestration service that relies on IAM roles for fine-grained access control. Our research uncovered a critical privilege escalation vulnerability that allows a low-privileged task running on an ECS instance to hijack the IAM privileges of higher-privileged containers on the same EC2 machine.

This talk will unveil the details of this previously undisclosed vulnerability, dubbed ECS-cape, which exploits an undocumented ECS protocol to escalate privileges. By taking advantage of shared infrastructure in containerized environments, attackers can use this technique to gain unauthorized access to cloud resources.

We will demonstrate ECS-cape live, showcasing how an attacker can leverage this flaw to escalate privileges. The session will also cover practical defense strategies, detailing why co-locating high-privilege and low-privilege workloads on the same ECS instance is risky and how organizations can architect their cloud environments to mitigate this attack vector.

Attendees will leave with a clear understanding of how to detect, mitigate, and prevent similar privilege escalation risks in their cloud infrastructure.