Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AWS IAM Privilege Escalation Methods
Search
Pralhad Chaskar
July 26, 2019
Technology
280
0
Share
AWS IAM Privilege Escalation Methods
Presented at null Dubai Meet 26 July 2019 Monthly Meet
Pralhad Chaskar
July 26, 2019
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
Unfurling AI
c0d3xpl0it
0
20
M365 Security Review
c0d3xpl0it
0
420
RDP Hijacking
c0d3xpl0it
0
470
Pwning O365 Infrastructure
c0d3xpl0it
0
620
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
210
Auditing ACLs on Active Directory
c0d3xpl0it
0
220
Adversay Emulation using Caldera
c0d3xpl0it
1
180
GPO Vs Applocker Restrictions
c0d3xpl0it
0
710
Other Decks in Technology
See All in Technology
Swift Sequence の便利 API 再発見
treastrain
1
270
AIを賢くしたいなら、まずは人間の改善ループから
subroh0508
0
100
Claude Codeウェビナー資料 - AWSの最新機能をClaude Codeで高速に検証する
oshanqq
0
460
2026年春のAgentCoreアプデ 細かいやつ全部まとめ
minorun365
4
230
20260515 ⾃分のアカウントとプライバシーを守る認証と認可の話〜利⽤者向け〜
oidfj
0
200
Tachikawa.any 運営挨拶
daitasu
0
170
QAエンジニアはどうやって プロダクト議論の場に入れるのか?
moritamasami
2
420
そのSLO 99.9%、本当に必要ですか? 〜優先度付きSLOによる責任共有の設計思想〜 / Is that 99.9% SLO really necessary? Design philosophy of shared responsibility through prioritized SLOs
vtryo
0
700
Oracle AI Database@AWS:サービス概要のご紹介
oracle4engineer
PRO
4
2.5k
2026-05-14 要件定義からソース管理まで!IBM Bob基礎ハンズオン
yutanonaka
0
150
How to learn AWS Well-Architected with AWS BuilderCards: Security Edition
coosuke
PRO
0
130
いつの間にかデータエンジニア以外の業務も増えていたけど、意外と経験が役に立ってる
zozotech
PRO
0
560
Featured
See All Featured
Side Projects
sachag
455
43k
State of Search Keynote: SEO is Dead Long Live SEO
ryanjones
0
190
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
110
Darren the Foodie - Storyboard
khoart
PRO
3
3.3k
Between Models and Reality
mayunak
3
280
Google's AI Overviews - The New Search
badams
0
1k
How to make the Groovebox
asonas
2
2.2k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.8k
Applied NLP in the Age of Generative AI
inesmontani
PRO
4
2.2k
New Earth Scene 8
popppiees
3
2.2k
A Guide to Academic Writing Using Generative AI - A Workshop
ks91
PRO
1
300
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.4k
Transcript
AWS IAM Privilege Escalation Methods Pralhad Chaskar (@c0d3xpl0it)
None
Recap of AWS • ACCESS_KEYS → Identifier of the user
in account • SECRET_ACCESS_KEY → Password needed to authenticate • SESSION_TOKEN → Security Token • AWS CLI → Console client written in python that allows a user to interact with the different services offered by AWS
Permission Policies
Privilege Escalation in the cloud • Misconfiguration of identity and
access management (IAM) policies • Manipulation of APIs • Cloud provider vulnerabilities https://searchcloudsecurity.techtarget.com/tip/3-reasons-privilege-escalation-in-the-cloud-works
For Auditors/Pentesters/BlueTeamer Take one user per role in order to
check Privilege Escalation possibility and feed the ACCESS_KEYS, SECRET_ACCESS_KEY, SESSION_TOKEN to below demo’ed tools.
AWS_ESCALATE.py https://github.com/RhinoSecurityLabs/Cloud-Security-Research/tree/master/AWS/aws_escalate
PACU • Pacu is an open source AWS exploitation framework,
designed for offensive security testing against cloud environments. Below are some capabilities/modules • RECON_UNAUTH • ENUM • ESCALATE (run iam__privesc_scan) • LATERAL_MOVE • EXPLOIT • PERSIST • EXFIL • EVADE https://github.com/RhinoSecurityLabs/pacu
None
Demo
References • https://github.com/RhinoSecurityLabs/Cloud-Security- Research/tree/master/AWS/aws_escalate • https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details • https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
None
c0d3xpl0it
treastrain
subroh0508
.jpg){kind=avatar}
oshanqq
minorun365
.png){kind=avatar}
oidfj
daitasu
moritamasami
vtryo
oracle4engineer
yutanonaka
coosuke
zozotech
sachag
ryanjones
stuffmc
khoart
mayunak
badams
asonas
marktimemedia
inesmontani
popppiees
ks91
kevinliebholz
