AWS IAM Privilege Escalation Methods Logo

AWS IAM Privilege Escalation Methods

0
Free
IAM
iam
aws
privilege-escalation
security-vulnerability
attack-vector
Visit Website

An attacker with the iam:CreatePolicyVersion permission can create a new version of an IAM policy that they have access to. This allows them to define their own custom permissions. When creating a new policy version, it needs to be set as the default version to take effect, which you would think would require the iam:SetDefaultPolicyVersion permission, but when creating a new policy version, it is possible to include a flag (--set-as-default) that will automatically create it as the new default version. That flag does not require the iam:SetDefaultPolicyVersion permission to use. This privilege escalation method could allow a user to gain full administrator access of the AWS account.

FEATURES

ALTERNATIVES

BeyondTrust Privileged Access Management (PAM) Logo
BeyondTrust Privileged Access Management (PAM)

BeyondTrust Privileged Access Management (PAM) provides comprehensive security controls for privileged accounts and users.

Free
IAM
Active Directory Control Paths Logo
Active Directory Control Paths

Tool for visualizing and analyzing control paths in Active Directory to determine access privileges and permissions.

Free
IAM
SUDO_KILLER Logo
SUDO_KILLER

A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.

Free
IAM
Passpie Logo
Passpie

Command-line password manager with GnuPG encryption and colorful interface.

Free
IAM
BlackBox Logo
BlackBox

Safely store secrets in version control repositories with GPG encryption support.

Free
IAM
league/oauth2-server Logo
league/oauth2-server

A PHP OAuth 2.0 authorization server implementation with support for various grants and RFCs.

Free
IAM
Zoho Vault Logo
Zoho Vault

Zoho Vault is a secure password management tool that allows you to store and automatically fill in passwords on websites and apps.

Commercial
IAM
Lab of a Penetration Tester: Abusing DNSAdmins privilege for escalation in Active Directory Logo
Lab of a Penetration Tester: Abusing DNSAdmins privilege for escalation in Active Directory

Abusing DNSAdmins privilege for escalation in Active Directory

Free
IAM

PINNED

InfoSecHired Logo

InfoSecHired

An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Commercial
Resources
Mandos Brief Newsletter Logo

Mandos Brief Newsletter

A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Free
Resources
System Two Security Logo

System Two Security

An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.

Commercial
Security Operations
Aikido Security Logo

Aikido Security

Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.

Commercial
Application Security
Permiso Logo

Permiso

Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.

Commercial
IAM
Wiz Logo

Wiz

Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.

Commercial
Cloud Security
Adversa AI Logo

Adversa AI

Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.

Commercial
AI Security