Privilege Escalation
Pacu tool
IAM Privilege Escalation
Lists all managed policies that are attached to the specified IAM user:
Retrieves information about the specified managed policy:
Lists information about the versions of the specified managed policy:
Retrieves information about the specified version of the specified managed policy:
Adds an inline policy document to the specified IAM user:
Lists the names of the inline policies embedded in the specified IAM user:
AWS IAM Privilege Escalation – Methods and Mitigation
Attaching a policy to a user: iam:AttachUserPolicy
Attaching a policy to a group: iam:AttachGroupPolicy
Attaching a policy to a role: iam:AttachRolePolicy
Creating a new user access key: iam:CreateAccessKey
Creating a new login profile: iam:CreateLoginProfile
Updating an existing login profile: iam:UpdateLoginProfile
Creating an EC2 instance with an existing instance profile: iam:PassRole, ec2:RunInstances
Creating/updating an inline policy for a user: iam:PutUserPolicy
Creating/updating an inline policy for a group: iam:PutGroupPolicy
Creating/updating an inline policy for a role: iam:PutRolePolicy
Adding a user to a group: iam:AddUserToGroup
Updating the AssumeRolePolicyDocument of a role: iam:UpdateAssumeRolePolicy, sts:AssumeRole
Passing a role to a new Lambda function, then invoking it: iam:PassRole, lambda:CreateFunction, lambda:InvokeFunction
Updating the code of an existing Lambda function: lambda:UpdateFunctionCode
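As an added defensive example (not part of the original page), the following Python triages an IAM policy document against the escalation paths listed above, matching actions with IAM's case-insensitive `*` wildcards so that `ec2:*` is recognised as granting `ec2:RunInstances`. The `ESCALATION_PATHS` labels, the helper names and `SAMPLE_POLICY` are my own constructions.

```python
import fnmatch
# Escalation paths from the table above; each value is the set of actions a
# principal needs together for that path.
ESCALATION_PATHS = {
    "AttachUserPolicy": {"iam:AttachUserPolicy"},
    "AttachGroupPolicy": {"iam:AttachGroupPolicy"},
    "AttachRolePolicy": {"iam:AttachRolePolicy"},
    "CreateAccessKey": {"iam:CreateAccessKey"},
    "CreateLoginProfile": {"iam:CreateLoginProfile"},
    "UpdateLoginProfile": {"iam:UpdateLoginProfile"},
    "PassRole+RunInstances": {"iam:PassRole", "ec2:RunInstances"},
    "PutUserPolicy": {"iam:PutUserPolicy"},
    "PutGroupPolicy": {"iam:PutGroupPolicy"},
    "PutRolePolicy": {"iam:PutRolePolicy"},
    "AddUserToGroup": {"iam:AddUserToGroup"},
    "UpdateAssumeRolePolicy+AssumeRole": {"iam:UpdateAssumeRolePolicy", "sts:AssumeRole"},
    "PassRole+Lambda": {"iam:PassRole", "lambda:CreateFunction", "lambda:InvokeFunction"},
    "UpdateFunctionCode": {"lambda:UpdateFunctionCode"},
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allowed_actions(policy):
    # Action patterns of every Allow statement. Deny, Resource and Condition are
    # ignored, so a hit means "review this", not "proven exploitable".
    patterns = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            patterns.update(_as_list(stmt["Action"]))
    return patterns

def grants(patterns, action):
    # IAM action names are case-insensitive and '*' is a wildcard
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def find_escalation_paths(policy):
    patterns = allowed_actions(policy)
    return sorted(label for label, needed in ESCALATION_PATHS.items()
                  if all(grants(patterns, a) for a in needed))

# Constructed sample policy (not from the page): ec2:* combined with iam:PassRole
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:PassRole", "ec2:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "lambda:UpdateFunctionCode", "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:CreateAccessKey", "Resource": "*"},
]}
if __name__ == "__main__":
    print(find_escalation_paths(SAMPLE_POLICY))  # ['PassRole+RunInstances', 'UpdateFunctionCode']
```

Because Resource and Condition scoping are not evaluated, treat the output as a list of policies to review by hand rather than confirmed escalation paths.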
EC2 Privilege Escalation
Get information about the user identity / role identity:
Lists all managed policies that are attached to the specified IAM user:
Retrieves information about the specified version of the specified managed policy:
Get information about the instance ID:
Lists the instance profiles:
Attach an instance profile with a role to an EC2 instance: