AWS-IAM-Privilege-Escalation
AWS IAM exploits
A collection of research and documentation on methods for exploiting weaknesses in AWS IAM to gain unauthorized access
A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.
897 stars
33 watching
118 forks
last commit: over 5 years ago
Linked from 2 awesome lists
4ndersonlin/awesome-cloud-security
teamssix/awesome-cloud-securityRelated projects:
| Repository | Description | Stars |
|---|---|---|
| rhinosecuritylabs/gcp-iam-privilege-escalation | A collection of GCP IAM privilege escalation methods and their associated tools | 343 |
 bishopfox/iam-vulnerable | A tool to create a vulnerable AWS IAM configuration playground | 479 |
 salesforce/cloudsplaining | A tool that scans AWS IAM policies to identify security vulnerabilities and generates a report with recommendations for remediation | 1,998 |
 bridgecrewio/airiam | Automates least privilege AWS IAM configuration management by detecting and replacing unnecessary resources with Terraform models | 776 |
| rhinosecuritylabs/security-research | Exploits and security research written by a team of experts | 1,059 |
 andresriancho/enumerate-iam | A tool to automatically enumerate permissions associated with AWS credentials | 1,096 |
| rhinosecuritylabs/cloud-security-research | Publishing research findings on cloud security vulnerabilities and exploitation techniques | 355 |
| salesforce/policy_sentry | Automates the creation of least-privilege IAM policies for AWS services | 2,014 |
| rhinosecuritylabs/pacu | An AWS exploitation framework designed to test the security of Amazon Web Services environments | 4,391 |
 awslabs/aws-iam-generator | Automates AWS IAM user and group creation based on configuration files. | 240 |
 welldone-cloud/aws-lint-iam-policies | A tool that analyzes AWS IAM policies to detect security vulnerabilities and best practice violations. | 111 |
 netflix/consoleme | A tool for managing AWS IAM permissions and access across multiple accounts and users | 3,141 |
 ayoul3/privesc | Tools for exploiting privilege escalation vulnerabilities on z/OS systems | 79 |
 sslab-gatech/pwn2own2020 | An exploitation project demonstrating how to chain vulnerabilities in Safari to escalate privilege on macOS | 402 |
 aabyss-team/awskeytools | A tool for exploiting access key leaks in AWS cloud environments | 348 |