AWS IAM Privilege Escalation Methods

Free

IAM

Iam

Aws

Privilege Escalation

Security Vulnerability

Attack Vector

Visit WebsiteVisit Website

An attacker with the iam:CreatePolicyVersion permission can create a new version of an IAM policy that they have access to. This allows them to define their own custom permissions. When creating a new policy version, it needs to be set as the default version to take effect, which you would think would require the iam:SetDefaultPolicyVersion permission, but when creating a new policy version, it is possible to include a flag (--set-as-default) that will automatically create it as the new default version. That flag does not require the iam:SetDefaultPolicyVersion permission to use. This privilege escalation method could allow a user to gain full administrator access of the AWS account.

FEATURES

The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.

ALTERNATIVES

Microsoft Entra Verified ID

A decentralized identity verification solution that enables organizations to issue, manage, and verify digital credentials for user-owned identity scenarios.

Commercial

IAM

Lab of a Penetration Tester: Abusing DNSAdmins privilege for escalation in Active Directory

Abusing DNSAdmins privilege for escalation in Active Directory

Free

IAM

DumpsterDiver

DumpsterDiver is a tool for analyzing big volumes of data to find hardcoded secrets like keys and passwords.

Free

IAM

Teller

Open-source universal secret manager for developers with seamless integration to various cloud services and vaults.

Free

IAM

AWS Vault

Securely store and access AWS credentials in a development environment.

Free

IAM

Monokee

Monokee is an identity orchestration and access management platform that provides visual, low-code tools for designing authentication workflows, managing digital identities, and implementing secure access controls across multiple domains.

Commercial

IAM

AWS IAM Policy Generator for AWS CDK

A NodeJS/Typescript library for generating IAM Policy Actions Statements for AWS CDK with predefined constants and a factory class.

Free

IAM

Sealed Secrets

Encrypt Kubernetes Secrets into SealedSecrets for safe storage and controlled decryption within the cluster.

Free

IAM

PINNED

InfoSecHired

An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Resources

Mandos Brief Newsletter

A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Resources

CTIChef.com Detection Feeds

A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

Threat Management

ImmuniWeb® Discovery

ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Attack Surface Management

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security