Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AWS IAM Privilege Escalation Methods
Search
Pralhad Chaskar
July 26, 2019
Technology
0
250
AWS IAM Privilege Escalation Methods
Presented at null Dubai Meet 26 July 2019 Monthly Meet
Pralhad Chaskar
July 26, 2019
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
M365 Security Review
c0d3xpl0it
0
380
RDP Hijacking
c0d3xpl0it
0
430
Pwning O365 Infrastructure
c0d3xpl0it
0
590
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
190
Auditing ACLs on Active Directory
c0d3xpl0it
0
180
Adversay Emulation using Caldera
c0d3xpl0it
1
160
GPO Vs Applocker Restrictions
c0d3xpl0it
0
670
Introduction Atomic Red Team Framework
c0d3xpl0it
0
360
Other Decks in Technology
See All in Technology
Backlog AI アシスタントが切り開く未来
vvatanabe
1
170
サービスロボット最前線:ugoが挑むPhysical AI活用
kmatsuiugo
0
140
[OCI Technical Deep Dive] OCIで生成AIを活用するためのソリューション解説(2025年8月5日開催)
oracle4engineer
PRO
0
120
いま、あらためて考えてみるアカウント管理 with IaC / Account management with IaC
kohbis
2
430
ABEMAにおける 生成AI活用の現在地 / The Current Status of Generative AI at ABEMA
dekatotoro
0
340
JAWS AI/ML #30 AI コーディング IDE "Kiro" を触ってみよう
inariku
3
400
生成AI利用プログラミング:誰でもプログラムが書けると 世の中どうなる?/opencampus202508
okana2ki
0
160
GISエンジニアよ 現場に行け!
sudataka
1
140
意志の力が9割。アニメから学ぶAI時代のこれから。
endohizumi
1
110
コミュニティと計画的偶発性理論 - 出会いが人生を変える / Life-Changing Encounters
soudai
PRO
7
770
Amazon Qで2Dゲームを作成してみた
siromi
0
170
Mackerel in さくらのクラウド
cubicdaiya
1
310
Featured
See All Featured
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.4k
Gamification - CAS2011
davidbonilla
81
5.4k
Intergalactic Javascript Robots from Outer Space
tanoku
272
27k
Measuring & Analyzing Core Web Vitals
bluesmoon
8
560
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Designing for Performance
lara
610
69k
A Tale of Four Properties
chriscoyier
160
23k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Rails Girls Zürich Keynote
gr2m
95
14k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Testing 201, or: Great Expectations
jmmastey
45
7.6k
Transcript
AWS IAM Privilege Escalation Methods Pralhad Chaskar (@c0d3xpl0it)
None
Recap of AWS • ACCESS_KEYS → Identifier of the user
in account • SECRET_ACCESS_KEY → Password needed to authenticate • SESSION_TOKEN → Security Token • AWS CLI → Console client written in python that allows a user to interact with the different services offered by AWS
Permission Policies
Privilege Escalation in the cloud • Misconfiguration of identity and
access management (IAM) policies • Manipulation of APIs • Cloud provider vulnerabilities https://searchcloudsecurity.techtarget.com/tip/3-reasons-privilege-escalation-in-the-cloud-works
For Auditors/Pentesters/BlueTeamer Take one user per role in order to
check Privilege Escalation possibility and feed the ACCESS_KEYS, SECRET_ACCESS_KEY, SESSION_TOKEN to below demo’ed tools.
AWS_ESCALATE.py https://github.com/RhinoSecurityLabs/Cloud-Security-Research/tree/master/AWS/aws_escalate
PACU • Pacu is an open source AWS exploitation framework,
designed for offensive security testing against cloud environments. Below are some capabilities/modules • RECON_UNAUTH • ENUM • ESCALATE (run iam__privesc_scan) • LATERAL_MOVE • EXPLOIT • PERSIST • EXFIL • EVADE https://github.com/RhinoSecurityLabs/pacu
None
Demo
References • https://github.com/RhinoSecurityLabs/Cloud-Security- Research/tree/master/AWS/aws_escalate • https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details • https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
None
c0d3xpl0it
vvatanabe
kmatsuiugo
oracle4engineer
kohbis
dekatotoro
inariku
okana2ki
sudataka
endohizumi
soudai
siromi
cubicdaiya
philnash
davidbonilla
tanoku
bluesmoon
marcelosomers
lara
chriscoyier
jlugia
gr2m
iamctodd
hatefulcrawdad
jmmastey
