lyft / cartography

Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.
https://lyft.github.io/cartography/
Apache License 2.0

Enable quick exploration of Rhino Security Labs AWS PrivEsc methods #598

Closed achantavy closed 1 year ago

achantavy commented 3 years ago

Description:

As discussed in this cartography meeting, we should use the data and relationships in cartography to quickly reveal attack techniques described in this article: https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/

We could also adapt Rhino Labs' existing script: https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/aws_escalate.py; see "Scanning for Permission Flaws: aws_escalate" in that article.

For example, we could add a CreateAccessKeyVulnerable=True field to the :AWSPrincipal node to quickly identify targets accessible with a given AWS Access Key, or something else. (This is a bad example, but hopefully you get the idea of reading this article and finding neat techniques that we could quickly expose in the graph.)
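
Added example, not part of the original issue or of cartography's code: a sketch of how the proposed CreateAccessKeyVulnerable flag could be derived from policy statements so that over-permissive principals can be found and remediated. The function names, the account ID and the sample users are constructed for illustration, and it assumes identity-based statements only (no Condition, NotAction, NotResource, permission boundaries or SCPs).

```python
import re

ACTION = "iam:CreateAccessKey"

# Constructed sample data: principal ARN -> identity-policy statements.
# Assumption: no Condition, NotAction, NotResource, boundaries or SCPs.
U = "arn:aws:iam::111111111111:user/"
SAMPLE = {
    U + "alice": [{"Effect": "Allow", "Action": "iam:*", "Resource": "*"}],
    U + "bob": [
        {"Effect": "Allow", "Action": ["iam:Create*"], "Resource": ["*"]},
        {"Effect": "Deny", "Action": ["iam:createaccesskey"], "Resource": ["*"]},
    ],
    U + "carol": [{"Effect": "Allow", "Action": ACTION, "Resource": U + "carol"}],
    U + "dave": [{"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}],
}

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def _wildcard(pattern, value, flags=0):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, flags) is not None

def _applies(stmt, effect, resource):
    # Action names compare case-insensitively; resource ARNs do not.
    return (stmt["Effect"] == effect
            and any(_wildcard(a, ACTION, re.IGNORECASE) for a in _as_list(stmt["Action"]))
            and any(_wildcard(r, resource) for r in _as_list(stmt["Resource"])))

def can_create_key(statements, target_arn):
    # An explicit Deny always overrides an Allow.
    if any(_applies(s, "Deny", target_arn) for s in statements):
        return False
    return any(_applies(s, "Allow", target_arn) for s in statements)

def flag_principals(principals):
    """Return {arn: {"CreateAccessKeyVulnerable": bool, "targets": [...]}}."""
    report = {}
    for arn, statements in principals.items():
        # Creating a key for yourself is not an escalation, so skip self.
        targets = sorted(t for t in principals
                         if t != arn and can_create_key(statements, t))
        report[arn] = {"CreateAccessKeyVulnerable": bool(targets), "targets": targets}
    return report

if __name__ == "__main__":
    for arn, result in flag_principals(SAMPLE).items():
        print(arn, result)
```

In the constructed data only alice is flagged: bob's explicit Deny overrides his wildcard Allow, and carol can create keys only for herself.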

lgomezma commented 3 years ago

In general I think this can be a huge added value for organisations. Being able to statically "pentest" infra based on Cartography's data and quickly identify potential issues is a great proposition IMHO.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

stale[bot] commented 3 years ago

This issue has been automatically closed for inactivity. If you still wish to make these changes, please open a new change or reopen this one.
