Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[New Rule] AWS STS GetSessionToken Abuse (#1213)
* Update impact_iam_deactivate_mfa_device.toml #1111 * Update impact_iam_deactivate_mfa_device.toml * Update discovery_post_exploitation_external_ip_lookup.toml "*ipapi.co", "*ip-lookup.net", "*ipstack.com" * Update rules/aws/impact_iam_deactivate_mfa_device.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> * Revert "Update discovery_post_exploitation_external_ip_lookup.toml" This reverts commit b57fd60. * Update * New Rule: Okta User Attempted Unauthorized Access * Update privilege_escalation_okta_user_attempted_unauthorized_access.toml * Update privilege_escalation_okta_user_attempted_unauthorized_access.toml * Delete privilege_escalation_okta_user_attempted_unauthorized_access.toml * Create persistence_new-or-modified-federation-domain.toml * Delete persistence_new-or-modified-federation-domain.toml * Create lateral_movement_sts_getsessiontoken_abuse.toml * Rename lateral_movement_sts_getsessiontoken_abuse.toml to privilege_escalation_sts_getsessiontoken_abuse.toml * Update privilege_escalation_sts_getsessiontoken_abuse.toml * Update rules/aws/privilege_escalation_sts_getsessiontoken_abuse.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update .gitignore Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update privilege_escalation_sts_getsessiontoken_abuse.toml * Update privilege_escalation_sts_getsessiontoken_abuse.toml * Update * Update rules/integrations/aws/privilege_escalation_sts_getsessiontoken_abuse.toml Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com> Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com> (cherry picked from commit 93b8038)
- Loading branch information