Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AWS IAM Privilege Escalation Methods
Search
Pralhad Chaskar
July 26, 2019
Technology
0
260
AWS IAM Privilege Escalation Methods
Presented at null Dubai Meet 26 July 2019 Monthly Meet
Pralhad Chaskar
July 26, 2019
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
M365 Security Review
c0d3xpl0it
0
410
RDP Hijacking
c0d3xpl0it
0
460
Pwning O365 Infrastructure
c0d3xpl0it
0
610
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
200
Auditing ACLs on Active Directory
c0d3xpl0it
0
210
Adversay Emulation using Caldera
c0d3xpl0it
1
170
GPO Vs Applocker Restrictions
c0d3xpl0it
0
700
Introduction Atomic Red Team Framework
c0d3xpl0it
0
380
Other Decks in Technology
See All in Technology
コスト削減から「セキュリティと利便性」を担うプラットフォームへ
sansantech
PRO
3
1.5k
顧客の言葉を、そのまま信じない勇気
yamatai1212
1
350
インフラエンジニア必見!Kubernetesを用いたクラウドネイティブ設計ポイント大全
daitak
1
360
All About Sansan – for New Global Engineers
sansan33
PRO
1
1.3k
AIエージェントを開発しよう!-AgentCore活用の勘所-
yukiogawa
0
170
OWASP Top 10:2025 リリースと 少しの日本語化にまつわる裏話
okdt
PRO
3
770
20260208_第66回 コンピュータビジョン勉強会
keiichiito1978
0
130
Introduction to Bill One Development Engineer
sansan33
PRO
0
360
今日から始める Amazon Bedrock AgentCore
har1101
4
410
会社紹介資料 / Sansan Company Profile
sansan33
PRO
15
400k
30万人の同時アクセスに耐えたい!新サービスの盤石なリリースを支える負荷試験 / SRE Kaigi 2026
genda
4
1.3k
Bill One 開発エンジニア 紹介資料
sansan33
PRO
5
17k
Featured
See All Featured
Crafting Experiences
bethany
1
49
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
640
Agile Leadership in an Agile Organization
kimpetersen
PRO
0
82
Prompt Engineering for Job Search
mfonobong
0
160
We Have a Design System, Now What?
morganepeng
54
8k
AI in Enterprises - Java and Open Source to the Rescue
ivargrimstad
0
1.1k
Chasing Engaging Ingredients in Design
codingconduct
0
110
Side Projects
sachag
455
43k
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline
techseoconnect
PRO
0
110
The B2B funnel & how to create a winning content strategy
katarinadahlin
PRO
1
270
Imperfection Machines: The Place of Print at Facebook
scottboms
269
14k
Transcript
AWS IAM Privilege Escalation Methods Pralhad Chaskar (@c0d3xpl0it)
None
Recap of AWS • ACCESS_KEYS → Identifier of the user
in account • SECRET_ACCESS_KEY → Password needed to authenticate • SESSION_TOKEN → Security Token • AWS CLI → Console client written in python that allows a user to interact with the different services offered by AWS
Permission Policies
Privilege Escalation in the cloud • Misconfiguration of identity and
access management (IAM) policies • Manipulation of APIs • Cloud provider vulnerabilities https://searchcloudsecurity.techtarget.com/tip/3-reasons-privilege-escalation-in-the-cloud-works
For Auditors/Pentesters/BlueTeamer Take one user per role in order to
check Privilege Escalation possibility and feed the ACCESS_KEYS, SECRET_ACCESS_KEY, SESSION_TOKEN to below demo’ed tools.
AWS_ESCALATE.py https://github.com/RhinoSecurityLabs/Cloud-Security-Research/tree/master/AWS/aws_escalate
PACU • Pacu is an open source AWS exploitation framework,
designed for offensive security testing against cloud environments. Below are some capabilities/modules • RECON_UNAUTH • ENUM • ESCALATE (run iam__privesc_scan) • LATERAL_MOVE • EXPLOIT • PERSIST • EXFIL • EVADE https://github.com/RhinoSecurityLabs/pacu
None
Demo
References • https://github.com/RhinoSecurityLabs/Cloud-Security- Research/tree/master/AWS/aws_escalate • https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details • https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
None
c0d3xpl0it
sansantech
yamatai1212
daitak
sansan33
yukiogawa
okdt
keiichiito1978
har1101
genda
bethany
nmsamuel
kimpetersen
mfonobong
morganepeng
ivargrimstad
codingconduct
sachag
garrettdimon
techseoconnect
katarinadahlin
scottboms
