Bug Culture Wiki
Contents:
  1. Identity and Access Management (IAM)
    1. IAM for Pentesters

Identity and Access Management (IAM)

Who (identity) can do what (actions) to which resources (targets)

  • Users
    • Human or Application
    • Long-Term Creds
  • Groups
    • Grouping of Users
    • Permissions attached to the group
  • Policies
    • JSON document that defines permissions
    • Attached to users, groups, or roles
    • Managed vs Inline
  • Roles
    • Similar to user but no long-term creds
    • Temporary credentials issued when the role is assumed

IAM for Pentesters

  • Misconfigurations
    • Privilege escalation
    • Lateral movement
    • Exfiltrate data
    • Establish persistence
  • What to look for
    • Users W/ excessive permissions
    • Roles that can be assumed
    • Policies with wildcards (*) (e.g., "Action": "*" or "Resource": "*")
    • Services or Lambda functions W/ elevated IAM permissions
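The two audit checks above (policies with wildcard Action/Resource, and roles that can be assumed too broadly) applied to the JSON policy documents described in the Policies section, as an added example that is not part of the original wiki page. The policy documents below are constructed samples (the bucket name, account id and role names are placeholders, not real resources); `find_wildcards` flags Allow statements whose Action or Resource is "*" or a service-wide wildcard such as "s3:*", and `find_open_trust` flags trust-policy statements that let any AWS principal call sts:AssumeRole. Deny statements are deliberately skipped, since a "*" in a Deny narrows rather than widens access.

```python
import json

# Constructed sample policy documents (placeholders, not from any real account).
OVERLY_PERMISSIVE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
})

LEAST_PRIVILEGE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-bucket",
                "arn:aws:s3:::example-bucket/*",   # object-level ARN, not a bare wildcard
            ],
        },
    ],
})

# Constructed role trust policies: one assumable by anyone, one scoped to a single role.
OPEN_TRUST = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"},
    ],
})

SCOPED_TRUST = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/deploy"},  # placeholder account id
            "Action": "sts:AssumeRole",
        },
    ],
})


def _as_list(value):
    """IAM allows a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_wildcards(policy_json):
    """Return (statement index, field, value) for each Allow statement whose
    Action or Resource is "*" or a service-wide wildcard like "iam:*"."""
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # a "*" in a Deny statement is restrictive, not a finding
        for field in ("Action", "Resource"):
            for value in _as_list(stmt.get(field)):
                if value == "*" or value.endswith(":*"):
                    findings.append((idx, field, value))
    return findings


def find_open_trust(trust_policy_json):
    """Return indices of Allow statements that grant sts:AssumeRole to any AWS principal."""
    policy = json.loads(trust_policy_json)
    open_stmts = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if not any(a == "*" or a.lower().startswith("sts:assumerole") for a in actions):
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            open_stmts.append(idx)
        elif isinstance(principal, dict) and "*" in _as_list(principal.get("AWS")):
            open_stmts.append(idx)
    return open_stmts


if __name__ == "__main__":
    for name, doc in [("overly permissive", OVERLY_PERMISSIVE), ("least privilege", LEAST_PRIVILEGE)]:
        print(name, "->", find_wildcards(doc) or "no wildcard findings")
    for name, doc in [("open trust", OPEN_TRUST), ("scoped trust", SCOPED_TRUST)]:
        print(name, "->", find_open_trust(doc) or "no open trust findings")
```

In a real review the same two functions would be run over every customer-managed and inline policy pulled from the account; the checks here are intentionally narrow (they do not evaluate NotAction, Condition blocks or resource-level wildcards like "arn:aws:s3:::*"), so a clean result means only that the most obvious wildcards are absent.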