Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AWS IAM Privilege Escalation Methods
Search
Pralhad Chaskar
July 26, 2019
Technology
0
240
AWS IAM Privilege Escalation Methods
Presented at null Dubai Meet 26 July 2019 Monthly Meet
Pralhad Chaskar
July 26, 2019
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
M365 Security Review
c0d3xpl0it
0
360
RDP Hijacking
c0d3xpl0it
0
410
Pwning O365 Infrastructure
c0d3xpl0it
0
590
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
180
Auditing ACLs on Active Directory
c0d3xpl0it
0
170
Adversay Emulation using Caldera
c0d3xpl0it
1
150
GPO Vs Applocker Restrictions
c0d3xpl0it
0
660
Introduction Atomic Red Team Framework
c0d3xpl0it
0
340
Other Decks in Technology
See All in Technology
Nonaka Sensei
kawaguti
PRO
3
610
QAはソフトウェアエンジニアリングを学んで実践するのが大事なの
ymty
1
360
「どこにある?」の解決。生成AI(RAG)で効率化するガバメントクラウド運用
toru_kubota
2
310
活きてなかったデータを活かしてみた話 / Shirokane Kougyou vol 19
sansan_randd
1
160
今からでも間に合う! 生成AI「RAG」再入門 / Re-introduction to RAG in Generative AI
hideakiaoyagi
1
160
Tenstorrent HW/SW 概要説明
tenstorrent_japan
0
380
技術職じゃない私がVibe Codingで感じた、AGIが身近になる未来
blueb
0
120
SFTPコンテナからファイルをダウンロードする
dip
0
110
現場で役立つAPIデザイン
nagix
1
250
「伝える」を加速させるCursor術
naomix
0
600
基調講演: 生成AIを活用したアプリケーションの開発手法とは?
asei
1
120
新規プロダクト開発、AIでどう変わった? #デザインエンジニアMeetup
bengo4com
0
430
Featured
See All Featured
Designing for humans not robots
tammielis
253
25k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.8k
Designing Experiences People Love
moore
142
24k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
228
22k
Mobile First: as difficult as doing things right
swwweet
223
9.6k
Six Lessons from altMBA
skipperchong
28
3.8k
Build The Right Thing And Hit Your Dates
maggiecrowley
36
2.7k
How to train your dragon (web standard)
notwaldorf
92
6.1k
Writing Fast Ruby
sferik
628
61k
The Cult of Friendly URLs
andyhume
79
6.4k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
35
2.3k
Transcript
AWS IAM Privilege Escalation Methods Pralhad Chaskar (@c0d3xpl0it)
None
Recap of AWS • ACCESS_KEYS → Identifier of the user
in account • SECRET_ACCESS_KEY → Password needed to authenticate • SESSION_TOKEN → Security Token • AWS CLI → Console client written in python that allows a user to interact with the different services offered by AWS
Permission Policies
Privilege Escalation in the cloud • Misconfiguration of identity and
access management (IAM) policies • Manipulation of APIs • Cloud provider vulnerabilities https://searchcloudsecurity.techtarget.com/tip/3-reasons-privilege-escalation-in-the-cloud-works
For Auditors/Pentesters/BlueTeamer Take one user per role in order to
check Privilege Escalation possibility and feed the ACCESS_KEYS, SECRET_ACCESS_KEY, SESSION_TOKEN to below demo’ed tools.
AWS_ESCALATE.py https://github.com/RhinoSecurityLabs/Cloud-Security-Research/tree/master/AWS/aws_escalate
PACU • Pacu is an open source AWS exploitation framework,
designed for offensive security testing against cloud environments. Below are some capabilities/modules • RECON_UNAUTH • ENUM • ESCALATE (run iam__privesc_scan) • LATERAL_MOVE • EXPLOIT • PERSIST • EXFIL • EVADE https://github.com/RhinoSecurityLabs/pacu
None
Demo
References • https://github.com/RhinoSecurityLabs/Cloud-Security- Research/tree/master/AWS/aws_escalate • https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details • https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
None
c0d3xpl0it
kawaguti
ymty
toru_kubota
sansan_randd
hideakiaoyagi
tenstorrent_japan
blueb
dip
nagix
naomix
asei
bengo4com
tammielis
bluesmoon
moore
keithpitt
danielanewman
swwweet
skipperchong
maggiecrowley
notwaldorf
sferik
andyhume
eileencodes
