Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AWS IAM Privilege Escalation Methods
Search
Pralhad Chaskar
July 26, 2019
Technology
0
260
AWS IAM Privilege Escalation Methods
Presented at null Dubai Meet 26 July 2019 Monthly Meet
Pralhad Chaskar
July 26, 2019
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
M365 Security Review
c0d3xpl0it
0
400
RDP Hijacking
c0d3xpl0it
0
450
Pwning O365 Infrastructure
c0d3xpl0it
0
610
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
200
Auditing ACLs on Active Directory
c0d3xpl0it
0
210
Adversay Emulation using Caldera
c0d3xpl0it
1
170
GPO Vs Applocker Restrictions
c0d3xpl0it
0
690
Introduction Atomic Red Team Framework
c0d3xpl0it
0
380
Other Decks in Technology
See All in Technology
Models vs Bounded Contexts for Domain Modularizati...
ewolff
0
200
Introduction to Sansan for Engineers / エンジニア向け会社紹介
sansan33
PRO
6
62k
アウトプットはいいぞ / output_iizo
uhooi
0
120
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
10k
さくらのクラウドでのシークレット管理を考える/tamachi.sre#2
fujiwara3
1
190
[PR] はじめてのデジタルアイデンティティという本を書きました
ritou
1
810
GitHub Copilot CLI 現状確認会議
torumakabe
6
960
AI時代のアジャイルチームを目指して ー スクラムというコンフォートゾーンからの脱却 ー / Toward Agile Teams in the Age of AI
takaking22
11
6.8k
Kusakabe_面白いダッシュボードの表現方法
ykka
0
290
Java 25に至る道
skrb
3
220
Contract One Engineering Unit 紹介資料
sansan33
PRO
0
12k
OCI技術資料 : OS管理ハブ 概要
ocise
2
4.1k
Featured
See All Featured
Docker and Python
trallard
47
3.7k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
51k
Discover your Explorer Soul
emna__ayadi
2
1k
How to audit for AI Accessibility on your Front & Back End
davetheseo
0
140
Exploring anti-patterns in Rails
aemeredith
2
230
[RailsConf 2023] Rails as a piece of cake
palkan
58
6.2k
SEO for Brand Visibility & Recognition
aleyda
0
4.2k
AI Search: Where Are We & What Can We Do About It?
aleyda
0
6.8k
The World Runs on Bad Software
bkeepers
PRO
72
12k
Between Models and Reality
mayunak
1
170
Optimising Largest Contentful Paint
csswizardry
37
3.6k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
730
Transcript
AWS IAM Privilege Escalation Methods Pralhad Chaskar (@c0d3xpl0it)
None
Recap of AWS • ACCESS_KEYS → Identifier of the user
in account • SECRET_ACCESS_KEY → Password needed to authenticate • SESSION_TOKEN → Security Token • AWS CLI → Console client written in python that allows a user to interact with the different services offered by AWS
Permission Policies
Privilege Escalation in the cloud • Misconfiguration of identity and
access management (IAM) policies • Manipulation of APIs • Cloud provider vulnerabilities https://searchcloudsecurity.techtarget.com/tip/3-reasons-privilege-escalation-in-the-cloud-works
For Auditors/Pentesters/BlueTeamer Take one user per role in order to
check Privilege Escalation possibility and feed the ACCESS_KEYS, SECRET_ACCESS_KEY, SESSION_TOKEN to below demo’ed tools.
AWS_ESCALATE.py https://github.com/RhinoSecurityLabs/Cloud-Security-Research/tree/master/AWS/aws_escalate
PACU • Pacu is an open source AWS exploitation framework,
designed for offensive security testing against cloud environments. Below are some capabilities/modules • RECON_UNAUTH • ENUM • ESCALATE (run iam__privesc_scan) • LATERAL_MOVE • EXPLOIT • PERSIST • EXFIL • EVADE https://github.com/RhinoSecurityLabs/pacu
None
Demo
References • https://github.com/RhinoSecurityLabs/Cloud-Security- Research/tree/master/AWS/aws_escalate • https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details • https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
None
c0d3xpl0it
ewolff
sansan33
uhooi
fullkaiten
fujiwara3
ritou
torumakabe
takaking22
ykka
skrb
ocise
trallard
chrisshort
emna__ayadi
davetheseo
aemeredith
palkan
aleyda
bkeepers
mayunak
csswizardry
bluesmoon
