all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

AWS EC2 Auto Scaling Privilege Escalation

Add to bookmarks
Jan. 14, 2023, 4:29 a.m. | Edoardo Rosa

InfoSec Write-ups - Medium infosecwriteups.com

Introduction

This article is about a privilege escalation abusing AWS managed policies and default configurations.

IAM permission misconfigurations and privilege escalations on AWS have been thoroughly discussed in the past, especially from Rhino Security Labs and Bishop Fox, so at I created an AWS laboratory account to test old and new attacks on the AWS infrastructure, especially the IAM service.

While searching for strange permissions provided by Amazon managed policies and their combination it was found that the policy …

abusing account amazon article attacks auto aws bishop fox blue team cloud services default ec2 escalation fox iam infrastructure labs managed misconfigurations old permission permissions policies privesc privilege privilege escalation red team rhino scaling security service test

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

Mastering Shodan Search Engine 1 day ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity information security +1
Email Verification Bypass via Remember Me 1 day ago | infosecwriteups.com
bug bounty cybersecurity hacking pentesting +1
Exploiting Symlinks: A Deep Dive into CVE-2024–28185 and CVE-2024–28189 of Judge0 Sandboxes 1 day ago | infosecwriteups.com
attacks code code execution continue +15
Typo Trouble: Exploring the Telegram Python RCE Vulnerability 1 day ago | infosecwriteups.com
address alerts application concept +25
Active DNS Recon using AXIOM 1 day ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity infosec +1
Information Disclosure: Story of 500€ + 400$ Bounty 1 day ago | infosecwriteups.com
bug bounty cybersecurity hacking information technology +1
Demystifying Password Cracking: Attacks and Defence Strategies 1 day ago | infosecwriteups.com
cybersecurity ethical hacking hacking infosec +1
Race Condition and Broken Access Control on Developer Dashboard 1 day ago | infosecwriteups.com
access access control broken access control can +24
Windows Fundamentals 1 | TryHackMe Walk-Through 1 day ago | infosecwriteups.com
cybersecurity infosec security tryhackme +1

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Director, Data Security Lead

@ Mastercard | London, England (Angel Lane)
View on infosec-jobs.com

Security Officer L1

@ NTT DATA | Texas, United States of America
View on infosec-jobs.com

Sr. Staff Application Security Engineer

@ Aurora Innovation | Seattle, WA
View on infosec-jobs.com

Senior Penetration Testing Engineer

@ WPP | Chennai
View on infosec-jobs.com

Cyber Security - Senior Software Developer in Test

@ BlackBerry | Bengaluru, Residency Road
View on infosec-jobs.com
View more jobs