Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AWS IAM Privilege Escalation Methods
Search
Pralhad Chaskar
July 26, 2019
Technology
0
270
AWS IAM Privilege Escalation Methods
Presented at null Dubai Meet 26 July 2019 Monthly Meet
Pralhad Chaskar
July 26, 2019
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
M365 Security Review
c0d3xpl0it
0
410
RDP Hijacking
c0d3xpl0it
0
460
Pwning O365 Infrastructure
c0d3xpl0it
0
620
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
210
Auditing ACLs on Active Directory
c0d3xpl0it
0
220
Adversay Emulation using Caldera
c0d3xpl0it
1
180
GPO Vs Applocker Restrictions
c0d3xpl0it
0
700
Introduction Atomic Red Team Framework
c0d3xpl0it
0
390
Other Decks in Technology
See All in Technology
Google系サービスで文字起こしから勝手にカレンダーを埋めるエージェントを作った話
risatube
0
190
GCASアップデート(202601-202603)
techniczna
0
180
楽しく学ぼう!ネットワーク入門
shotashiratori
1
390
us-east-1 に障害が起きた時に、 ap-northeast-1 にどんな影響があるか 説明できるようになろう!
miu_crescent
PRO
13
4.4k
AWS CDK「読めるけど書けない」を脱却するファーストステップ
smt7174
3
140
オレ達はAWS管理をやりたいんじゃない!開発の生産性を爆アゲしたいんだ!!
wkm2
4
530
AWS DevOps Agent vs SRE俺 / AWS DevOps Agent vs me, the SRE
sms_tech
3
840
VPCエンドポイント意外とお金かかるなぁ。せや、共有したろ!
tommy0124
1
630
楽しく学ぼう!ネットワーク入門
shotashiratori
4
3.3k
最強のAIエージェントを諦めたら品質が上がった話 / how quality improved after giving up on the strongest AI agent
kt2mikan
0
190
JAWS DAYS 2026 ExaWizards_20260307
exawizards
0
430
Zero Data Loss Autonomous Recovery Service サービス概要
oracle4engineer
PRO
2
13k
Featured
See All Featured
Docker and Python
trallard
47
3.8k
Stewardship and Sustainability of Urban and Community Forests
pwiseman
0
140
Paper Plane (Part 1)
katiecoart
PRO
0
5.6k
Jess Joyce - The Pitfalls of Following Frameworks
techseoconnect
PRO
1
110
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
2
250
Claude Code のすすめ
schroneko
67
220k
Mozcon NYC 2025: Stop Losing SEO Traffic
samtorres
0
180
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
770
A better future with KSS
kneath
240
18k
Embracing the Ebb and Flow
colly
88
5k
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
ryanjones
0
92
A brief & incomplete history of UX Design for the World Wide Web: 1989–2019
jct
1
320
Transcript
AWS IAM Privilege Escalation Methods Pralhad Chaskar (@c0d3xpl0it)
None
Recap of AWS • ACCESS_KEYS → Identifier of the user
in account • SECRET_ACCESS_KEY → Password needed to authenticate • SESSION_TOKEN → Security Token • AWS CLI → Console client written in python that allows a user to interact with the different services offered by AWS
Permission Policies
Privilege Escalation in the cloud • Misconfiguration of identity and
access management (IAM) policies • Manipulation of APIs • Cloud provider vulnerabilities https://searchcloudsecurity.techtarget.com/tip/3-reasons-privilege-escalation-in-the-cloud-works
For Auditors/Pentesters/BlueTeamer Take one user per role in order to
check Privilege Escalation possibility and feed the ACCESS_KEYS, SECRET_ACCESS_KEY, SESSION_TOKEN to below demo’ed tools.
AWS_ESCALATE.py https://github.com/RhinoSecurityLabs/Cloud-Security-Research/tree/master/AWS/aws_escalate
PACU • Pacu is an open source AWS exploitation framework,
designed for offensive security testing against cloud environments. Below are some capabilities/modules • RECON_UNAUTH • ENUM • ESCALATE (run iam__privesc_scan) • LATERAL_MOVE • EXPLOIT • PERSIST • EXFIL • EVADE https://github.com/RhinoSecurityLabs/pacu
None
Demo
References • https://github.com/RhinoSecurityLabs/Cloud-Security- Research/tree/master/AWS/aws_escalate • https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details • https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
None
c0d3xpl0it
risatube
techniczna
shotashiratori
miu_crescent
smt7174
wkm2
sms_tech
tommy0124
kt2mikan
exawizards
oracle4engineer
trallard
pwiseman
katiecoart
techseoconnect
tammyeverts
schroneko
samtorres
aleyda
kneath
colly
ryanjones
jct
