Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AWS IAM Privilege Escalation Methods
Search
Pralhad Chaskar
July 26, 2019
Technology
0
240
AWS IAM Privilege Escalation Methods
Presented at null Dubai Meet 26 July 2019 Monthly Meet
Pralhad Chaskar
July 26, 2019
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
M365 Security Review
c0d3xpl0it
0
360
RDP Hijacking
c0d3xpl0it
0
410
Pwning O365 Infrastructure
c0d3xpl0it
0
590
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
180
Auditing ACLs on Active Directory
c0d3xpl0it
0
170
Adversay Emulation using Caldera
c0d3xpl0it
1
150
GPO Vs Applocker Restrictions
c0d3xpl0it
0
660
Introduction Atomic Red Team Framework
c0d3xpl0it
0
340
Other Decks in Technology
See All in Technology
Roo CodeとClaude Code比較してみた
pharma_x_tech
1
300
本部長の代わりに提案書レビュー! KDDI営業が毎日使うAIエージェント「A-BOSS」開発秘話
minorun365
PRO
12
1.6k
(新URLに移行しました)FASTと向き合うことで見えた、大規模アジャイルの難しさと楽しさ
wooootack
0
670
Autonomous Database サービス・アップデート (FY25)
oracle4engineer
PRO
2
760
マルチテナント+マルチプロダクト SaaS への AI Agent の組み込み方
kworkdev
PRO
2
300
大失敗しないための Web API 開発レシピ / A recipe for not making a big failure on WebAPI development
yokawasa
1
260
In Praise of "Normal" Engineers (LDX3)
charity
0
560
Data Hubグループ 紹介資料
sansan33
PRO
0
1.8k
Sansan Engineering Unit 紹介資料
sansan33
PRO
1
2.1k
"SaaS is Dead" は本当か!? 生成AI時代の医療 Vertical SaaS のリアル
kakehashi
PRO
3
180
20250612_GitHubを使いこなすためにソニーの開発現場が取り組んでいるプラクティス.pdf
osakiy8
1
720
TODAY 看世界(?) 是我們在看扣啦!
line_developers_tw
PRO
0
110
Featured
See All Featured
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.5k
Large-scale JavaScript Application Architecture
addyosmani
512
110k
BBQ
matthewcrist
89
9.7k
Gamification - CAS2011
davidbonilla
81
5.3k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
20
1.3k
Done Done
chrislema
184
16k
The Straight Up "How To Draw Better" Workshop
denniskardys
233
140k
[RailsConf 2023] Rails as a piece of cake
palkan
55
5.6k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.3k
Facilitating Awesome Meetings
lara
54
6.4k
Designing for Performance
lara
609
69k
Why Our Code Smells
bkeepers
PRO
337
57k
Transcript
AWS IAM Privilege Escalation Methods Pralhad Chaskar (@c0d3xpl0it)
None
Recap of AWS • ACCESS_KEYS → Identifier of the user
in account • SECRET_ACCESS_KEY → Password needed to authenticate • SESSION_TOKEN → Security Token • AWS CLI → Console client written in python that allows a user to interact with the different services offered by AWS
Permission Policies
Privilege Escalation in the cloud • Misconfiguration of identity and
access management (IAM) policies • Manipulation of APIs • Cloud provider vulnerabilities https://searchcloudsecurity.techtarget.com/tip/3-reasons-privilege-escalation-in-the-cloud-works
For Auditors/Pentesters/BlueTeamer Take one user per role in order to
check Privilege Escalation possibility and feed the ACCESS_KEYS, SECRET_ACCESS_KEY, SESSION_TOKEN to below demo’ed tools.
AWS_ESCALATE.py https://github.com/RhinoSecurityLabs/Cloud-Security-Research/tree/master/AWS/aws_escalate
PACU • Pacu is an open source AWS exploitation framework,
designed for offensive security testing against cloud environments. Below are some capabilities/modules • RECON_UNAUTH • ENUM • ESCALATE (run iam__privesc_scan) • LATERAL_MOVE • EXPLOIT • PERSIST • EXFIL • EVADE https://github.com/RhinoSecurityLabs/pacu
None
Demo
References • https://github.com/RhinoSecurityLabs/Cloud-Security- Research/tree/master/AWS/aws_escalate • https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details • https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
None
c0d3xpl0it
.png){kind=icon}
pharma_x_tech
minorun365
wooootack
oracle4engineer
kworkdev
yokawasa
charity
sansan33
kakehashi
osakiy8
line_developers_tw
productmarketing
addyosmani
matthewcrist
davidbonilla
honnibal
chrislema
denniskardys
palkan
thoeni
lara
bkeepers
