Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AWS IAM Privilege Escalation Methods
Search
Pralhad Chaskar
July 26, 2019
Technology
0
270
AWS IAM Privilege Escalation Methods
Presented at null Dubai Meet 26 July 2019 Monthly Meet
Pralhad Chaskar
July 26, 2019
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
M365 Security Review
c0d3xpl0it
0
410
RDP Hijacking
c0d3xpl0it
0
460
Pwning O365 Infrastructure
c0d3xpl0it
0
620
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
210
Auditing ACLs on Active Directory
c0d3xpl0it
0
220
Adversay Emulation using Caldera
c0d3xpl0it
1
180
GPO Vs Applocker Restrictions
c0d3xpl0it
0
710
Introduction Atomic Red Team Framework
c0d3xpl0it
0
390
Other Decks in Technology
See All in Technology
開発チームとQAエンジニアの新しい協業モデル -年末調整開発チームで実践する【QAリード施策】-
kaomi_wombat
0
240
開発チームとQAエンジニアの新しい協業モデル -年末調整開発チームで実践する【QAリード施策】-
qa
0
290
QA組織のAI戦略とAIテスト設計システムAITASの実践
sansantech
PRO
1
140
How to install a gem
indirect
0
1.5k
「コントロールの三分法」で考える「コト」への向き合い方 / phperkaigi2026
blue_goheimochi
0
150
Laravelで学ぶOAuthとOpenID Connectの基礎と実装
kyoshidaxx
4
1.8k
MCPで決済に楽にする
mu7889yoon
0
110
SSoT(Single Source of Truth)で「壊して再生」する設計
kawauso
2
330
イベントで大活躍する電子ペーパー名札を作る(その2) 〜 M5PaperとM5PaperS3 〜 / IoTLT @ JLCPCB オープンハードカンファレンス
you
PRO
0
200
「捨てる」を設計する
kubell_hr
0
250
LLMに何を任せ、何を任せないか
cap120
10
5.4k
Phase12_総括_自走化
overflowinc
0
1.5k
Featured
See All Featured
The #1 spot is gone: here's how to win anyway
tamaranovitovic
2
990
Build your cross-platform service in a week with App Engine
jlugia
234
18k
Are puppies a ranking factor?
jonoalderson
1
3.2k
Darren the Foodie - Storyboard
khoart
PRO
3
3k
[RailsConf 2023] Rails as a piece of cake
palkan
59
6.4k
Statistics for Hackers
jakevdp
799
230k
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
Money Talks: Using Revenue to Get Sh*t Done
nikkihalliwell
0
190
Speed Design
sergeychernyshev
33
1.6k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
47
8k
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
Accessibility Awareness
sabderemane
0
84
Transcript
AWS IAM Privilege Escalation Methods Pralhad Chaskar (@c0d3xpl0it)
None
Recap of AWS • ACCESS_KEYS → Identifier of the user
in account • SECRET_ACCESS_KEY → Password needed to authenticate • SESSION_TOKEN → Security Token • AWS CLI → Console client written in python that allows a user to interact with the different services offered by AWS
Permission Policies
Privilege Escalation in the cloud • Misconfiguration of identity and
access management (IAM) policies • Manipulation of APIs • Cloud provider vulnerabilities https://searchcloudsecurity.techtarget.com/tip/3-reasons-privilege-escalation-in-the-cloud-works
For Auditors/Pentesters/BlueTeamer Take one user per role in order to
check Privilege Escalation possibility and feed the ACCESS_KEYS, SECRET_ACCESS_KEY, SESSION_TOKEN to below demo’ed tools.
AWS_ESCALATE.py https://github.com/RhinoSecurityLabs/Cloud-Security-Research/tree/master/AWS/aws_escalate
PACU • Pacu is an open source AWS exploitation framework,
designed for offensive security testing against cloud environments. Below are some capabilities/modules • RECON_UNAUTH • ENUM • ESCALATE (run iam__privesc_scan) • LATERAL_MOVE • EXPLOIT • PERSIST • EXFIL • EVADE https://github.com/RhinoSecurityLabs/pacu
None
Demo
References • https://github.com/RhinoSecurityLabs/Cloud-Security- Research/tree/master/AWS/aws_escalate • https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details • https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
None
c0d3xpl0it
kaomi_wombat
qa
sansantech
indirect
blue_goheimochi
kyoshidaxx
mu7889yoon
kawauso
you
kubell_hr
cap120
overflowinc
tamaranovitovic
jlugia
jonoalderson
khoart
palkan
jakevdp
wjessup
nikkihalliwell
sergeychernyshev
eileencodes
garrettdimon
sabderemane
