"opinions on whether these belong next to the ones above or deserve their own section, let me know your thoughts! permissions : required versus additional permissions this and the next section are maybe the two most important to me. regarding permissions, i separated permissions i…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1525Implant Internal Image
89%
"introducing pathfinding. cloud today we ’ re releasing pathfinding. cloud, an extensive knowledge base that documents the iam permissions and permission sets that allow for privilege escalation in aws. each path in the library specifically calls out the prerequisites required for…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1525Implant Internal Image
83%
"administrative principal to gain access to another non - administrative principal. you might think this is no big deal. but if the second principal has access to sensitive data that the first principal does not, this path is still quite important and impactful. for many practitio…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1525Implant Internal Image
82%
", " name " : " iam : passrole + bedrock - agentcore : createcodeinterpreter + bedrock - agentcore : startcodeinterpretersession + bedrock - agentcore : invokecodeinterpreter " } [ and many more... ] acknowledgements thanks to daniel grzelak for our brainstorming session about tax…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1525Implant Internal Image
81%
"the resource section - permission : ec2 : runinstances resourceconstraints : must have permission to launch ec2 instances additional : - permission : iam : listroles resourceconstraints : helpful for discovering available roles to pass - permission : iam : getrole resourceconstra…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1525Implant Internal Image
81%
"compromising any one of them would give an attacker control over the environment. the library includes more than 60 unique paths, and there is still more work to do. we still need to add other previously documented paths, and new paths are discovered and shared by the community e…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1525Implant Internal Image
75%
"readable yaml file that is used for each path, and they all get exported to a single paths. json that powers the site. here ’ s a look at one of the most commonly exploited privesc paths, ec2 - 001 : iam : passrole + ec2 : runinstances in yaml format : id : ec2 - 001 name : iam :…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1525Implant Internal Image
52%
"passrole paths are all of the ones that include iam : passrole. they deserve their own category because they follow a consistent pattern : passing a privileged role to a newly created aws resource that executes code or commands. whether it ' s ec2, lambda, glue, or bedrock, the e…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Introducing Pathfinding.cloud, a library of AWS IAM privilege escalation paths