Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AWS IAM Privilege Escalation Methods
Search
Pralhad Chaskar
July 26, 2019
Technology
0
260
AWS IAM Privilege Escalation Methods
Presented at null Dubai Meet 26 July 2019 Monthly Meet
Pralhad Chaskar
July 26, 2019
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
M365 Security Review
c0d3xpl0it
0
400
RDP Hijacking
c0d3xpl0it
0
450
Pwning O365 Infrastructure
c0d3xpl0it
0
610
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
200
Auditing ACLs on Active Directory
c0d3xpl0it
0
190
Adversay Emulation using Caldera
c0d3xpl0it
1
170
GPO Vs Applocker Restrictions
c0d3xpl0it
0
690
Introduction Atomic Red Team Framework
c0d3xpl0it
0
370
Other Decks in Technology
See All in Technology
GitHub Copilotを使いこなす 実例に学ぶAIコーディング活用術
74th
3
3.6k
WordPress は終わったのか ~今のWordPress の制作手法ってなにがあんねん?~ / Is WordPress Over? How We Build with WordPress Today
tbshiki
2
860
SREには開発組織全体で向き合う
koh_naga
0
390
打 造 A I 驅 動 的 G i t H u b ⾃ 動 化 ⼯ 作 流 程
appleboy
0
370
AIの長期記憶と短期記憶の違いについてAgentCoreを例に深掘ってみた
yakumo
4
460
NIKKEI Tech Talk #41: セキュア・バイ・デザインからクラウド管理を考える
sekido
PRO
0
170
AIプラットフォームにおけるMLflowの利用について
lycorptech_jp
PRO
1
180
フィッシュボウルのやり方 / How to do a fishbowl
pauli
2
220
ExpoのインダストリーブースでみたAWSが見せる製造業の未来
hamadakoji
0
170
MySQLとPostgreSQLのコレーション / Collation of MySQL and PostgreSQL
tmtms
1
1.1k
.NET 10の概要
tomokusaba
0
120
障害対応訓練、その前に
coconala_engineer
0
140
Featured
See All Featured
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
1.6k
Stop Working from a Prison Cell
hatefulcrawdad
273
21k
What’s in a name? Adding method to the madness
productmarketing
PRO
24
3.8k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
10
740
The Pragmatic Product Professional
lauravandoore
37
7.1k
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
aleyda
1
1.8k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
30
WCS-LA-2024
lcolladotor
0
380
How to Ace a Technical Interview
jacobian
281
24k
Amusing Abliteration
ianozsvald
0
63
Reality Check: Gamification 10 Years Later
codingconduct
0
1.9k
Transcript
AWS IAM Privilege Escalation Methods Pralhad Chaskar (@c0d3xpl0it)
None
Recap of AWS • ACCESS_KEYS → Identifier of the user
in account • SECRET_ACCESS_KEY → Password needed to authenticate • SESSION_TOKEN → Security Token • AWS CLI → Console client written in python that allows a user to interact with the different services offered by AWS
Permission Policies
Privilege Escalation in the cloud • Misconfiguration of identity and
access management (IAM) policies • Manipulation of APIs • Cloud provider vulnerabilities https://searchcloudsecurity.techtarget.com/tip/3-reasons-privilege-escalation-in-the-cloud-works
For Auditors/Pentesters/BlueTeamer Take one user per role in order to
check Privilege Escalation possibility and feed the ACCESS_KEYS, SECRET_ACCESS_KEY, SESSION_TOKEN to below demo’ed tools.
AWS_ESCALATE.py https://github.com/RhinoSecurityLabs/Cloud-Security-Research/tree/master/AWS/aws_escalate
PACU • Pacu is an open source AWS exploitation framework,
designed for offensive security testing against cloud environments. Below are some capabilities/modules • RECON_UNAUTH • ENUM • ESCALATE (run iam__privesc_scan) • LATERAL_MOVE • EXPLOIT • PERSIST • EXFIL • EVADE https://github.com/RhinoSecurityLabs/pacu
None
Demo
References • https://github.com/RhinoSecurityLabs/Cloud-Security- Research/tree/master/AWS/aws_escalate • https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details • https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
None
c0d3xpl0it
74th
tbshiki
.JPG){kind=avatar}
koh_naga
appleboy
yakumo
sekido
lycorptech_jp
pauli
hamadakoji
tmtms
tomokusaba
coconala_engineer
honnibal
hatefulcrawdad
productmarketing
tammyeverts
lauravandoore
aleyda
keavy
stuffmc
lcolladotor
jacobian
ianozsvald
codingconduct
