mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 14:09:40 +03:00
chore: fix license, add disclaimer, quick start, GitHub topics, issue templates
This commit is contained in:
@@ -0,0 +1,79 @@
|
||||
# AWS IAM Privilege Escalation Detection API Reference
|
||||
|
||||
## boto3 IAM API
|
||||
|
||||
```python
|
||||
import boto3
|
||||
|
||||
iam = boto3.client("iam")
|
||||
|
||||
# Download full account authorization details
|
||||
paginator = iam.get_paginator("get_account_authorization_details")
|
||||
for page in paginator.paginate():
|
||||
users = page["UserDetailList"]
|
||||
roles = page["RoleDetailList"]
|
||||
policies = page["Policies"]
|
||||
|
||||
# Get specific policy version
|
||||
policy = iam.get_policy_version(
|
||||
PolicyArn="arn:aws:iam::123456789012:policy/MyPolicy",
|
||||
VersionId="v2"
|
||||
)
|
||||
```
|
||||
|
||||
## Cloudsplaining CLI
|
||||
|
||||
```bash
|
||||
# Install
|
||||
pip install cloudsplaining
|
||||
|
||||
# Download account authorization details
|
||||
cloudsplaining download --profile myprofile
|
||||
|
||||
# Scan authorization file for privilege escalation
|
||||
cloudsplaining scan --input-file default.json --output results/
|
||||
|
||||
# Scan a single policy file
|
||||
cloudsplaining scan-policy-file --input-file policy.json
|
||||
```
|
||||
|
||||
## Known Privilege Escalation Vectors
|
||||
|
||||
| Vector | Required Permissions | Risk |
|
||||
|--------|---------------------|------|
|
||||
| CreatePolicyVersion | `iam:CreatePolicyVersion` | Critical |
|
||||
| AttachUserPolicy | `iam:AttachUserPolicy` | Critical |
|
||||
| PutUserPolicy | `iam:PutUserPolicy` | Critical |
|
||||
| PassRole + Lambda | `iam:PassRole`, `lambda:CreateFunction`, `lambda:InvokeFunction` | Critical |
|
||||
| PassRole + EC2 | `iam:PassRole`, `ec2:RunInstances` | Critical |
|
||||
| UpdateAssumeRolePolicy | `iam:UpdateAssumeRolePolicy` | Critical |
|
||||
| PassRole + CloudFormation | `iam:PassRole`, `cloudformation:CreateStack` | High |
|
||||
| PassRole + SSM | `iam:PassRole`, `ssm:SendCommand` | Critical |
|
||||
|
||||
## AWS CLI IAM Audit Commands
|
||||
|
||||
```bash
|
||||
# List all users with attached policies
|
||||
aws iam list-users --output json
|
||||
|
||||
# Get user's inline policies
|
||||
aws iam list-user-policies --user-name admin
|
||||
|
||||
# Get attached managed policies
|
||||
aws iam list-attached-user-policies --user-name admin
|
||||
|
||||
# Simulate policy evaluation
|
||||
aws iam simulate-principal-policy \
|
||||
--policy-source-arn arn:aws:iam::123456789012:user/admin \
|
||||
--action-names iam:CreatePolicyVersion iam:AttachUserPolicy
|
||||
|
||||
# Get account authorization details (full dump)
|
||||
aws iam get-account-authorization-details > auth-details.json
|
||||
```
|
||||
|
||||
## Parliament (Policy Linting)
|
||||
|
||||
```bash
|
||||
pip install parliament
|
||||
parliament --file policy.json
|
||||
```
|
||||
Reference in New Issue
Block a user