Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AWS IAM Privilege Escalation Methods
Search
Pralhad Chaskar
July 26, 2019
Technology
0
250
AWS IAM Privilege Escalation Methods
Presented at null Dubai Meet 26 July 2019 Monthly Meet
Pralhad Chaskar
July 26, 2019
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
M365 Security Review
c0d3xpl0it
0
390
RDP Hijacking
c0d3xpl0it
0
440
Pwning O365 Infrastructure
c0d3xpl0it
0
600
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
190
Auditing ACLs on Active Directory
c0d3xpl0it
0
180
Adversay Emulation using Caldera
c0d3xpl0it
1
160
GPO Vs Applocker Restrictions
c0d3xpl0it
0
680
Introduction Atomic Red Team Framework
c0d3xpl0it
0
360
Other Decks in Technology
See All in Technology
AI時代におけるデータの重要性 ~データマネジメントの第一歩~
ryoichi_ota
0
710
ソフトウェアエンジニアの生成AI活用と、これから
lycorptech_jp
PRO
0
900
OSSで50の競合と戦うためにやったこと
yamadashy
3
990
Dylib Hijacking on macOS: Dead or Alive?
patrickwardle
0
470
AI時代、“平均値”ではいられない
uhyo
8
2.6k
可観測性は開発環境から、開発環境にもオブザーバビリティ導入のススメ
layerx
PRO
0
340
Azureコストと向き合った、4年半のリアル / Four and a half years of dealing with Azure costs
aeonpeople
1
300
あなたの知らない Linuxカーネル脆弱性の世界
recruitengineers
PRO
3
160
FinOps について (ちょっと) 本気出して考えてみた
skmkzyk
0
210
Dify on AWS 環境構築手順
yosse95ai
0
130
アウトプットから始めるOSSコントリビューション 〜eslint-plugin-vueの場合〜 #vuefes
bengo4com
3
1.8k
マルチエージェントのチームビルディング_2025-10-25
shinoyamada
0
180
Featured
See All Featured
Speed Design
sergeychernyshev
32
1.2k
KATA
mclloyd
PRO
32
15k
A better future with KSS
kneath
239
18k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.5k
Mobile First: as difficult as doing things right
swwweet
225
10k
Facilitating Awesome Meetings
lara
57
6.6k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
1.7k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
132
19k
Stop Working from a Prison Cell
hatefulcrawdad
272
21k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
230
22k
Writing Fast Ruby
sferik
630
62k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.7k
Transcript
AWS IAM Privilege Escalation Methods Pralhad Chaskar (@c0d3xpl0it)
None
Recap of AWS • ACCESS_KEYS → Identifier of the user
in account • SECRET_ACCESS_KEY → Password needed to authenticate • SESSION_TOKEN → Security Token • AWS CLI → Console client written in python that allows a user to interact with the different services offered by AWS
Permission Policies
Privilege Escalation in the cloud • Misconfiguration of identity and
access management (IAM) policies • Manipulation of APIs • Cloud provider vulnerabilities https://searchcloudsecurity.techtarget.com/tip/3-reasons-privilege-escalation-in-the-cloud-works
For Auditors/Pentesters/BlueTeamer Take one user per role in order to
check Privilege Escalation possibility and feed the ACCESS_KEYS, SECRET_ACCESS_KEY, SESSION_TOKEN to below demo’ed tools.
AWS_ESCALATE.py https://github.com/RhinoSecurityLabs/Cloud-Security-Research/tree/master/AWS/aws_escalate
PACU • Pacu is an open source AWS exploitation framework,
designed for offensive security testing against cloud environments. Below are some capabilities/modules • RECON_UNAUTH • ENUM • ESCALATE (run iam__privesc_scan) • LATERAL_MOVE • EXPLOIT • PERSIST • EXFIL • EVADE https://github.com/RhinoSecurityLabs/pacu
None
Demo
References • https://github.com/RhinoSecurityLabs/Cloud-Security- Research/tree/master/AWS/aws_escalate • https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details • https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
None
c0d3xpl0it
ryoichi_ota
lycorptech_jp
yamadashy
patrickwardle
uhyo
layerx
aeonpeople
recruitengineers
skmkzyk
yosse95ai
bengo4com
shinoyamada
sergeychernyshev
mclloyd
kneath
thoeni
swwweet
lara
reverentgeek
morganepeng
hatefulcrawdad
danielanewman
sferik
mongodb
