This technique leverages a legacy autoscaling permission related to launch configurations and launch templates to create autoscaling groups with more privileged roles by abusing a confused deputy condition that trusts the EC2 service.
I plan to explain this attack path and constraints in a future blog post but I wanted to contribute this to the larger cloud security community.
This technique leverages a legacy autoscaling permission related to launch configurations and launch templates to create autoscaling groups with more privileged roles by abusing a confused deputy condition that trusts the EC2 service.
I plan to explain this attack path and constraints in a future blog post but I wanted to contribute this to the larger cloud security community.