Evaluating the privilege escalation risk of people and non-people identities across multiple Amazon Web Services (AWS) organizations, containing hundreds of AWS accounts is challenging. Unauthorized access to data and systems by elevating the privileges associated with their account – whether on purpose or by accident creates a hidden danger. Service control policies, permission boundaries, allow/deny statements, notPrincipal, notAction, resource statements, conditions, assumed roles, group membership, and SSO users with multiple roles and resource policies (S3, KMS, etc.) make understanding all effective permission of an individual identity a problem that cannot be solved by evaluating a single policy or calling an AWS API. Take a look at our eBook as we take a deep dive into evaluating privilege escalation risk and solve some of the common issues.
Most cloud privilege escalation and identity permission misconfigurations have been focus on identity, offering ‘best practices’ and not context on what is exploitable and how it is done.
By documenting specific combinations, our eBook takes a deep dive into evaluating an AWS privilege escalation risk and solves some of the common issues you may find in your environment.
Download our eBook on Evaluating Privilege Escalation Risk to Learn:
- The Dangers of Privilege Escalation Risk in AWS
- Common Data Breach Patterns For Keys and Secrets Management and How To Spot Them
- How To Detect Privilege Escalations and Prevent Them From Happening in AWS