
Investigating Privilege Escalation Methods in AWS - alg2000
https://know.bishopfox.com/research/privilege-escalation-in-aws
======
ufmace
None of these seem very interesting or tricky to me. The fact that users with
the ability to edit permission structure things can leverage that to give
themselves more permissions just seems kind of obvious.

~~~
akerl_
I don’t think shown like this they’re meant to be “tricky”, but there are so
many tutorials and example policies out there that don’t fully specify their
IAM policies and would run afoul of these if they were used as-is.

------
kevinStorj
The Privilege Escalation attack vector can be avoided by using a
capability-based security model, ala:
[https://storj.io/blog/2019/12/secure-access-control-in-the-d...](https://storj.io/blog/2019/12/secure-access-control-in-the-decentralized-cloud/)

~~~
donavanm
How is this relevant? AFAICT AWS Policy statements _are_ capabilities. Each
policy statement denotes both actions and resources, and that policy is then
granted to another identity/resource.

As noted by other comments the parent article focuses on capabilities that
grant definition of capabilities. It shouldn't be surprising that principals
can use that to establish further capabilities _in the absence of other
restrictions_.
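
Added example, not part of the thread or the linked article: a small Python check that flags IAM policy statements granting permission-management actions on every resource with no Condition, the "absence of other restrictions" case raised above. The action list, the function names and the sample policy are assumptions of this example; it treats any Condition as a restriction and does not evaluate Deny statements or permissions boundaries.

```python
import fnmatch

# Real IAM actions that let a principal define or attach permissions. Which
# ones to flag is this example's assumption, not a list taken from the thread.
PERMISSION_MGMT_ACTIONS = [
    "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion",
    "iam:AttachUserPolicy", "iam:AttachGroupPolicy", "iam:AttachRolePolicy",
    "iam:PutUserPolicy", "iam:PutGroupPolicy", "iam:PutRolePolicy",
    "iam:AddUserToGroup", "iam:UpdateAssumeRolePolicy", "iam:PassRole",
]

# Constructed sample policy (account ID and names are placeholders).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "TutorialStyle", "Effect": "Allow", "Action": "iam:Put*", "Resource": "*"},
        {"Sid": "Scoped", "Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::111122223333:role/app-role"},
        {"Sid": "Conditioned", "Effect": "Allow", "Action": "iam:AttachUserPolicy",
         "Resource": "*", "Condition": {"ArnEquals": {
             "iam:PolicyARN": "arn:aws:iam::111122223333:policy/ReadOnly"}}},
    ],
}

def _as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])

def _matches(action, patterns):
    """Case-insensitive wildcard match of one action against policy patterns."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def find_unrestricted_grants(policy):
    """Return (sid, action) pairs for Allow statements that grant a
    permission-management action on Resource "*" with no Condition."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in _as_list(stmt.get("Resource")):
            continue
        for action in PERMISSION_MGMT_ACTIONS:
            if "NotAction" in stmt:  # Allow + NotAction grants everything else
                granted = not _matches(action, _as_list(stmt["NotAction"]))
            else:
                granted = _matches(action, _as_list(stmt.get("Action")))
            if granted:
                findings.append((stmt.get("Sid", f"statement[{index}]"), action))
    return findings
```

Only the `TutorialStyle` statement in the sample is reported; the statement scoped to one role ARN and the one carrying a Condition are skipped.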

