Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature request - add privilege escalation checks #7

Open
x4v13r64 opened this issue Jul 24, 2018 · 2 comments
Open

feature request - add privilege escalation checks #7

x4v13r64 opened this issue Jul 24, 2018 · 2 comments
Labels
component-provider-aws Affects AWS provider enhancement New feature or request
Milestone
Medium-Term Miles...

Comments

@x4v13r64
Copy link
Collaborator

x4v13r64 commented Jul 24, 2018
edited

Implement privilege checks similar to:
https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/aws_escalate.py
https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/

Also check if IAM roles are assigned with "excessive" permissions.
@x4v13r64 x4v13r64 transferred this issue from nccgroup/Scout2 Nov 14, 2018
@x4v13r64 x4v13r64 added enhancement New feature or request component-provider-aws Affects AWS provider labels Nov 14, 2018
@x4v13r64 x4v13r64 changed the title Add privilege escalation checks feature request - add privilege escalation checks Dec 20, 2018
@Aboisier Aboisier added this to To do in Scout Suite Jan 15, 2019
@x4v13r64
Copy link
Collaborator Author

This could be a tab similar as Attack Surface

@x4v13r64
Copy link
Collaborator Author

x4v13r64 commented Jun 3, 2019

Related to #364.

@x4v13r64 x4v13r64 added this to the Long-Term Milestone milestone Jun 3, 2019
tgn-outscale added a commit to outscale/ScoutSuite that referenced this issue Feb 1, 2021
@tgn-outscale
Merge pull request nccgroup#7 from lmx-outscale/osc_provider_auth
8329639 
Multiple fixes, still WIP and not working
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component-provider-aws Affects AWS provider enhancement New feature or request
Projects
None yet
Milestone
Medium-Term Milestone
Development

No branches or pull requests
1 participant
@x4v13r64