Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AWS IAM Privilege Escalation Methods
Search
Pralhad Chaskar
July 26, 2019
Technology
0
270
AWS IAM Privilege Escalation Methods
Presented at null Dubai Meet 26 July 2019 Monthly Meet
Pralhad Chaskar
July 26, 2019
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
M365 Security Review
c0d3xpl0it
0
410
RDP Hijacking
c0d3xpl0it
0
460
Pwning O365 Infrastructure
c0d3xpl0it
0
610
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
210
Auditing ACLs on Active Directory
c0d3xpl0it
0
210
Adversay Emulation using Caldera
c0d3xpl0it
1
180
GPO Vs Applocker Restrictions
c0d3xpl0it
0
700
Introduction Atomic Red Team Framework
c0d3xpl0it
0
380
Other Decks in Technology
See All in Technology
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
44k
【SLO】"多様な期待値" と向き合ってみた
z63d
2
300
オンプレとGoogle Cloudを安全に繋ぐための、セキュア通信の勘所
waiwai2111
3
1.1k
A Gentle Introduction to Transformers
keio_smilab
PRO
1
120
Oracle Cloud Infrastructure:2026年2月度サービス・アップデート
oracle4engineer
PRO
0
220
管理者向けGitHub Enterpriseの運用Tips紹介: 人にもAIにも優しいプラットフォームづくり
yuriemori
0
110
AI Agentにおける評価指標とAgent GPA
tsho
1
290
AIエンジニア Devin と歩む、自律型運用プロセスの構築
a2ito
0
680
20260305_【白金鉱業】分析者が地理情報を武器にするための軽量なアドホック分析環境
yucho147
1
160
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
3k
EMからICへ、二周目人材としてAI全振りのプロダクト開発で見つけた武器
yug1224
3
380
Contract One Engineering Unit 紹介資料
sansan33
PRO
0
14k
Featured
See All Featured
How Software Deployment tools have changed in the past 20 years
geshan
0
32k
Unsuck your backbone
ammeep
672
58k
State of Search Keynote: SEO is Dead Long Live SEO
ryanjones
0
150
Principles of Awesome APIs and How to Build Them.
keavy
128
17k
[RailsConf 2023] Rails as a piece of cake
palkan
59
6.3k
Building the Perfect Custom Keyboard
takai
2
710
Measuring & Analyzing Core Web Vitals
bluesmoon
9
770
Accessibility Awareness
sabderemane
0
73
Efficient Content Optimization with Google Search Console & Apps Script
katarinadahlin
PRO
1
360
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
760
How to Grow Your eCommerce with AI & Automation
katarinadahlin
PRO
1
130
Done Done
chrislema
186
16k
Transcript
AWS IAM Privilege Escalation Methods Pralhad Chaskar (@c0d3xpl0it)
None
Recap of AWS • ACCESS_KEYS → Identifier of the user
in account • SECRET_ACCESS_KEY → Password needed to authenticate • SESSION_TOKEN → Security Token • AWS CLI → Console client written in python that allows a user to interact with the different services offered by AWS
Permission Policies
Privilege Escalation in the cloud • Misconfiguration of identity and
access management (IAM) policies • Manipulation of APIs • Cloud provider vulnerabilities https://searchcloudsecurity.techtarget.com/tip/3-reasons-privilege-escalation-in-the-cloud-works
For Auditors/Pentesters/BlueTeamer Take one user per role in order to
check Privilege Escalation possibility and feed the ACCESS_KEYS, SECRET_ACCESS_KEY, SESSION_TOKEN to below demo’ed tools.
AWS_ESCALATE.py https://github.com/RhinoSecurityLabs/Cloud-Security-Research/tree/master/AWS/aws_escalate
PACU • Pacu is an open source AWS exploitation framework,
designed for offensive security testing against cloud environments. Below are some capabilities/modules • RECON_UNAUTH • ENUM • ESCALATE (run iam__privesc_scan) • LATERAL_MOVE • EXPLOIT • PERSIST • EXFIL • EVADE https://github.com/RhinoSecurityLabs/pacu
None
Demo
References • https://github.com/RhinoSecurityLabs/Cloud-Security- Research/tree/master/AWS/aws_escalate • https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details • https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
None
c0d3xpl0it
safie_recruit
z63d
waiwai2111
keio_smilab
oracle4engineer
yuriemori
tsho
a2ito
yucho147
sansan33
yug1224
geshan
ammeep
ryanjones
keavy
palkan
takai
bluesmoon
sabderemane
katarinadahlin
aleyda
chrislema
