performing-aws-privilege-escalation-assessment

# Performing AWS Privilege Escalation Assessment ## When to Use - When conducting authorized penetration testing of AWS IAM configurations - When validating that IAM policies follow the principle of least privilege - When assessing the blast radius of a compromised AWS credential - When building security reviews for IAM role and policy changes in CI/CD pipelines - When evaluating cross-account trust relationships for privilege escalation risks **Do not use** for unauthorized testing against AWS accounts, for assessing non-IAM attack vectors (SSRF, application vulnerabilities), or as a substitute for comprehensive cloud penetration testing. Always obtain written authorization before testing. ## Prerequisites - Written authorization for privilege escalation testing in the target AWS account - Test IAM user or role with limited permissions as the starting point - Pacu installed (`pip install pacu`) - CloudFox installed (`go install github.com/BishopFox/cloudfox@latest`) - PMapper (Principal Mapper) installed (`pip install principalmapper`) - AWS CLI configured with test credentials and CloudTrail logging enabled for audit trail ## Workflow ### Step 1: Enumerate Starting Permissions Establish the baseline permissions of the test principal before attempting escalation. ```bash # Get current identity aws sts get-caller-identity # Enumerate inline and attached policies for the current user aws iam list-user-policies --user-name test-user aws iam list-attached-user-policies...