Back to directory

WRITEUP #1094

Spotted: How we discovered Privilege Escalation, missing CloudTrail data and a race condition in AWS Directory Service

CloudPrivilege escalationRace condition

by@benbridts(Ben Bridts)

Program

AWS

Published

Jun 7, 2023

Added to HackDex

Feb 27, 2024

Read Full Writeuphttps://cloudar.be/awsblog/spotted-privilege-escalation-in-aws-directory-service/

▸ RELATED WRITEUPS

Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess

Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD

CloudPrivilege escalation

UnOAuthorized: Privilege Elevation Through Microsoft Applications

CloudPrivilege escalation

Escalating Privileges in Google Cloud via Open Groups

CloudPrivilege escalation

ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions

CloudPrivilege escalation

Built with ❤️ by Shubham Rawat