WRITEUP #999

How Abusing AWS CloudFormation Led to a Total Takeover of an AWS Environment

Cloud, Information disclosure, Privilege escalation, Account takeover
by @Nightbanes (Matthew Keeley)
Program: -
Published: Jul 2, 2023
Added to HackDex: Jul 3, 2023
Read Full Writeup: https://blog.prodefense.io/how-abusing-aws-cloudformation-led-to-a-total-takeover-of-an-aws-environment-7f94cabd671d
RELATED WRITEUPS
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
Cloud, RCE
How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System
Recon, Missing authentication
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
Cloud, OIDC
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD
Cloud, Privilege escalation
UnOAuthorized: Privilege Elevation Through Microsoft Applications
Cloud, Privilege escalation

Built with ❤️ by Shubham Rawat