Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AWS IAM Privilege Escalation Methods
Search
Pralhad Chaskar
July 26, 2019
Technology
0
230
AWS IAM Privilege Escalation Methods
Presented at null Dubai Meet 26 July 2019 Monthly Meet
Pralhad Chaskar
July 26, 2019
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
M365 Security Review
c0d3xpl0it
0
330
RDP Hijacking
c0d3xpl0it
0
390
Pwning O365 Infrastructure
c0d3xpl0it
0
560
AWS Security Assessment
c0d3xpl0it
0
1.3k
Bloodhound 2.0
c0d3xpl0it
0
170
Auditing ACLs on Active Directory
c0d3xpl0it
0
150
Adversay Emulation using Caldera
c0d3xpl0it
1
130
GPO Vs Applocker Restrictions
c0d3xpl0it
0
620
Introduction Atomic Red Team Framework
c0d3xpl0it
0
320
Other Decks in Technology
See All in Technology
非機能品質を作り込むための実践アーキテクチャ
knih
5
1.5k
社内イベント管理システムを1週間でAKSからACAに移行した話し
shingo_kawahara
0
190
10個のフィルタをAXI4-Streamでつなげてみた
marsee101
0
170
Amazon VPC Lattice 最新アップデート紹介 - PrivateLink も似たようなアップデートあったけど違いとは
bigmuramura
0
200
alecthomas/kong はいいぞ / kamakura.go#7
fujiwara3
1
300
PHPerのための計算量入門/Complexity101 for PHPer
hanhan1978
5
230
レンジャーシステムズ | 会社紹介(採用ピッチ)
rssytems
0
210
フロントエンド設計にモブ設計を導入してみた / 20241212_cloudsign_TechFrontMeetup
bengo4com
0
1.9k
LINEスキマニにおけるフロントエンド開発
lycorptech_jp
PRO
0
330
プロダクト開発を加速させるためのQA文化の築き方 / How to build QA culture to accelerate product development
mii3king
1
270
オプトインカメラ:UWB測位を応用したオプトイン型のカメラ計測
matthewlujp
0
190
C++26 エラー性動作
faithandbrave
2
800
Featured
See All Featured
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
6.9k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
5
450
Docker and Python
trallard
42
3.1k
Code Reviewing Like a Champion
maltzj
520
39k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
330
21k
The Language of Interfaces
destraynor
154
24k
The Cult of Friendly URLs
andyhume
78
6.1k
Mobile First: as difficult as doing things right
swwweet
222
9k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
The Cost Of JavaScript in 2023
addyosmani
45
7k
Making Projects Easy
brettharned
116
5.9k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
810
Transcript
AWS IAM Privilege Escalation Methods Pralhad Chaskar (@c0d3xpl0it)
None
Recap of AWS • ACCESS_KEYS → Identifier of the user
in account • SECRET_ACCESS_KEY → Password needed to authenticate • SESSION_TOKEN → Security Token • AWS CLI → Console client written in python that allows a user to interact with the different services offered by AWS
Permission Policies
Privilege Escalation in the cloud • Misconfiguration of identity and
access management (IAM) policies • Manipulation of APIs • Cloud provider vulnerabilities https://searchcloudsecurity.techtarget.com/tip/3-reasons-privilege-escalation-in-the-cloud-works
For Auditors/Pentesters/BlueTeamer Take one user per role in order to
check Privilege Escalation possibility and feed the ACCESS_KEYS, SECRET_ACCESS_KEY, SESSION_TOKEN to below demo’ed tools.
AWS_ESCALATE.py https://github.com/RhinoSecurityLabs/Cloud-Security-Research/tree/master/AWS/aws_escalate
PACU • Pacu is an open source AWS exploitation framework,
designed for offensive security testing against cloud environments. Below are some capabilities/modules • RECON_UNAUTH • ENUM • ESCALATE (run iam__privesc_scan) • LATERAL_MOVE • EXPLOIT • PERSIST • EXFIL • EVADE https://github.com/RhinoSecurityLabs/pacu
None
Demo
References • https://github.com/RhinoSecurityLabs/Cloud-Security- Research/tree/master/AWS/aws_escalate • https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details • https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
None