nccgroup / PMapper

A tool for quickly evaluating IAM permissions in AWS.
GNU Affero General Public License v3.0

New Edges: AWS Glue and DataPipeline #96

Open ncc-erik-steringer opened 2 years ago

ncc-erik-steringer commented 2 years ago

Pulling in some lessons learned from the "iam-vulnerable" project: https://github.com/BishopFox/iam-vulnerable .

TODO:

1. Apply the following Terraform files and verify the noted permission combinations lead to Edges.
   1. https://github.com/BishopFox/iam-vulnerable/blob/main/modules/free-resources/privesc-paths/privesc18-PassExistingRoleToNewGlueDevEndpoint.tf
   2. https://github.com/BishopFox/iam-vulnerable/blob/main/modules/free-resources/privesc-paths/privesc19-UpdateExistingGlueDevEndpoint.tf
   3. https://github.com/BishopFox/iam-vulnerable/blob/main/modules/free-resources/privesc-paths/privesc21-PassExistingRoleToNewDataPipeline.tf
2. Create a new edge checker object for Glue and for DataPipeline, maintaining with/without connectivity separation as in LambdaEdgeChecker when appropriate.
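As an added illustration of the second TODO item (this is not PMapper's code and does not use its real `EdgeChecker`, `Node` or `Edge` classes), the following stand-alone Python sketch shows the shape such a checker takes: it walks a constructed graph of principals, looks for the permission combinations implied by the three iam-vulnerable file names (`iam:PassRole` + `glue:CreateDevEndpoint`; `glue:UpdateDevEndpoint`; `iam:PassRole` + `datapipeline:CreatePipeline` + `datapipeline:PutPipelineDefinition` + `datapipeline:ActivatePipeline`), and emits an Edge from the principal to each role it could end up running as. Every ARN, action set and endpoint name below is constructed sample data; `allowed_actions` is assumed to be an already-evaluated set of effective allows, whereas a real checker would evaluate policies, resource ARNs and conditions. The `existing_endpoints` argument is the assumed stand-in for the with/without-connectivity split: `None` means Glue could not be enumerated, so the update-existing-endpoint path is not asserted.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Node:
    """A principal in the graph (constructed stand-in, not PMapper's Node).

    allowed_actions: already-evaluated effective allows (assumption: a real checker
    evaluates attached policies, resource ARNs and condition keys instead).
    trusted_services: for roles, the service principals in the trust policy.
    """
    arn: str
    allowed_actions: Set[str]
    trusted_services: Set[str] = field(default_factory=set)


@dataclass(frozen=True)
class Edge:
    source: str
    destination: str
    reason: str


# Permission combinations behind the three iam-vulnerable paths linked above.
PASS_ROLE_TO_NEW_GLUE_ENDPOINT = {"iam:PassRole", "glue:CreateDevEndpoint"}
UPDATE_EXISTING_GLUE_ENDPOINT = {"glue:UpdateDevEndpoint"}
PASS_ROLE_TO_NEW_PIPELINE = {
    "iam:PassRole",
    "datapipeline:CreatePipeline",
    "datapipeline:PutPipelineDefinition",
    "datapipeline:ActivatePipeline",
}


def _is_role(node: Node) -> bool:
    return ":role/" in node.arn


def _pass_role_edges(src: Node, roles: List[Node], needed: Set[str],
                     service: str, reason: str) -> List[Edge]:
    """Edges for 'create a new resource and pass an existing role' paths.

    The destination role must trust the service that will assume it, otherwise
    PassRole succeeds but the service cannot use the role.
    """
    if not needed <= src.allowed_actions:
        return []
    return [Edge(src.arn, dst.arn, reason)
            for dst in roles
            if dst.arn != src.arn and service in dst.trusted_services]


def find_edges(nodes: List[Node],
               existing_endpoints: Optional[Dict[str, str]] = None) -> List[Edge]:
    """Return Glue and DataPipeline edges for every principal in the graph.

    existing_endpoints maps Glue dev endpoint name -> role ARN it runs as.
    None means the graph was built without Glue connectivity, so the
    update-existing-endpoint path cannot be confirmed and is skipped.
    """
    roles = [n for n in nodes if _is_role(n)]
    edges: List[Edge] = []
    for src in nodes:
        edges += _pass_role_edges(
            src, roles, PASS_ROLE_TO_NEW_GLUE_ENDPOINT, "glue.amazonaws.com",
            "can create a Glue dev endpoint that runs as the role")
        edges += _pass_role_edges(
            src, roles, PASS_ROLE_TO_NEW_PIPELINE, "datapipeline.amazonaws.com",
            "can create and activate a Data Pipeline that runs as the role")
        if existing_endpoints is not None and UPDATE_EXISTING_GLUE_ENDPOINT <= src.allowed_actions:
            for name, role_arn in existing_endpoints.items():
                if role_arn != src.arn:
                    edges.append(Edge(src.arn, role_arn,
                                      f"can update existing Glue dev endpoint {name} that runs as the role"))
    # Deduplicate while keeping a stable order for reporting.
    return list(dict.fromkeys(edges))


def sample_graph() -> List[Node]:
    """Constructed sample principals (account id is the AWS documentation placeholder)."""
    acct = "123456789012"
    return [
        Node(f"arn:aws:iam::{acct}:user/glue-dev", {"iam:PassRole", "glue:CreateDevEndpoint"}),
        Node(f"arn:aws:iam::{acct}:user/glue-ops", {"glue:UpdateDevEndpoint"}),
        Node(f"arn:aws:iam::{acct}:user/etl", set(PASS_ROLE_TO_NEW_PIPELINE)),
        Node(f"arn:aws:iam::{acct}:user/reader", {"s3:GetObject"}),
        Node(f"arn:aws:iam::{acct}:role/glue-admin", set(), {"glue.amazonaws.com"}),
        Node(f"arn:aws:iam::{acct}:role/pipeline-admin", set(), {"datapipeline.amazonaws.com"}),
    ]


SAMPLE_ENDPOINTS = {"analytics-endpoint": "arn:aws:iam::123456789012:role/glue-admin"}


if __name__ == "__main__":
    for mode, endpoints in (("without Glue connectivity", None), ("with Glue connectivity", SAMPLE_ENDPOINTS)):
        print(mode)
        for e in find_edges(sample_graph(), endpoints):
            print(f"  {e.source} -> {e.destination}: {e.reason}")
```

Running the block twice, once with `existing_endpoints=None` and once with the constructed endpoint map, shows the separation the issue asks for: the create-and-pass-role edges appear in both runs, while the update-existing-endpoint edge only appears when the checker was given the endpoint inventory. The `reader` user, which holds none of the combinations, never gets an edge, and roles are only reachable when their trust policy names the service that would assume them.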