$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AWS IAM Privilege Escalation Methods
Search
Pralhad Chaskar
July 26, 2019
Technology
0
260
AWS IAM Privilege Escalation Methods
Presented at null Dubai Meet 26 July 2019 Monthly Meet
Pralhad Chaskar
July 26, 2019
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
M365 Security Review
c0d3xpl0it
0
390
RDP Hijacking
c0d3xpl0it
0
440
Pwning O365 Infrastructure
c0d3xpl0it
0
600
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
200
Auditing ACLs on Active Directory
c0d3xpl0it
0
190
Adversay Emulation using Caldera
c0d3xpl0it
1
170
GPO Vs Applocker Restrictions
c0d3xpl0it
0
690
Introduction Atomic Red Team Framework
c0d3xpl0it
0
370
Other Decks in Technology
See All in Technology
命名から始めるSpec Driven
kuruwic
3
830
GitLab Duo Agent Platformで実現する“AI駆動・継続的サービス開発”と最新情報のアップデート
jeffi7
0
150
eBPFとwaruiBPF
sat
PRO
2
930
MS Ignite 2025で発表されたFoundry IQをRecap
satodayo
3
230
mablでリグレッションテストをデイリー実行するまで #mablExperience
bengo4com
0
470
なぜ使われないのか?──定量×定性で見極める本当のボトルネック
kakehashi
PRO
1
760
履歴テーブル、今回はこう作りました 〜 Delegated Types編 〜 / How We Built Our History Table This Time — With Delegated Types
moznion
15
9.4k
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
37k
M5UnifiedとPicoRubyで楽しむM5シリーズ
kishima
0
110
Oracle Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
0
640
法人支出管理領域におけるソフトウェアアーキテクチャに基づいたテスト戦略の実践
ogugu9
1
110
Agents IA : la nouvelle frontière des LLMs (Tech.Rocks Summit 2025)
glaforge
0
380
Featured
See All Featured
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
10
700
XXLCSS - How to scale CSS and keep your sanity
sugarenia
249
1.3M
KATA
mclloyd
PRO
32
15k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
1.6k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.8k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.5k
[RailsConf 2023] Rails as a piece of cake
palkan
58
6.1k
The Language of Interfaces
destraynor
162
25k
Leading Effective Engineering Teams in the AI Era
addyosmani
8
1.2k
The Art of Programming - Codeland 2020
erikaheidi
56
14k
Side Projects
sachag
455
43k
jQuery: Nuts, Bolts and Bling
dougneiner
65
8.1k
Transcript
AWS IAM Privilege Escalation Methods Pralhad Chaskar (@c0d3xpl0it)
None
Recap of AWS • ACCESS_KEYS → Identifier of the user
in account • SECRET_ACCESS_KEY → Password needed to authenticate • SESSION_TOKEN → Security Token • AWS CLI → Console client written in python that allows a user to interact with the different services offered by AWS
Permission Policies
Privilege Escalation in the cloud • Misconfiguration of identity and
access management (IAM) policies • Manipulation of APIs • Cloud provider vulnerabilities https://searchcloudsecurity.techtarget.com/tip/3-reasons-privilege-escalation-in-the-cloud-works
For Auditors/Pentesters/BlueTeamer Take one user per role in order to
check Privilege Escalation possibility and feed the ACCESS_KEYS, SECRET_ACCESS_KEY, SESSION_TOKEN to below demo’ed tools.
AWS_ESCALATE.py https://github.com/RhinoSecurityLabs/Cloud-Security-Research/tree/master/AWS/aws_escalate
PACU • Pacu is an open source AWS exploitation framework,
designed for offensive security testing against cloud environments. Below are some capabilities/modules • RECON_UNAUTH • ENUM • ESCALATE (run iam__privesc_scan) • LATERAL_MOVE • EXPLOIT • PERSIST • EXFIL • EVADE https://github.com/RhinoSecurityLabs/pacu
None
Demo
References • https://github.com/RhinoSecurityLabs/Cloud-Security- Research/tree/master/AWS/aws_escalate • https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details • https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
None
c0d3xpl0it
kuruwic
jeffi7
sat
satodayo
bengo4com
kakehashi
moznion
safie_recruit
kishima
oracle4engineer
ogugu9
glaforge
tammyeverts
sugarenia
mclloyd
honnibal
garrettdimon
thoeni
palkan
destraynor
addyosmani
erikaheidi
sachag
dougneiner
