Pathfinding.cloud offers resources for security and DevOps professionals to identify and address IAM privilege escalation risks in AWS. It includes a library of exploitation guides and a coverage map, along with upcoming labs for hands-on practice in a controlled setting.

This article discusses a method for privilege escalation in AWS SageMaker, paralleling previous exploits in EC2. It explains how an attacker can manipulate lifecycle configurations to run unauthorized code and gain access to IAM roles. The author provides a proof of concept and highlights the need for better security measures.

This article details the evolution of AWS privilege escalation, highlighting the shift from IAM policy abuse to service-based execution and AI orchestration. It discusses the various escalation techniques, including those introduced by new AI services like Bedrock and AgentCore, and outlines which actions can be effectively blocked by security policies.

PowerUserAccess in AWS environments can inadvertently grant attackers opportunities similar to those provided by AdministratorAccess, especially in complex setups. The article emphasizes the importance of adhering to the Principle of Least Privilege and advocates for regular IAM audits and the use of custom policies to mitigate risks associated with privilege escalation.

Privilege escalation risks in AWS's Bedrock AgentCore arise from its Code Interpreter tool, which allows non-agent identities to execute code and potentially gain unauthorized access to IAM roles. Without proper access controls like resource policies, these risks can lead to significant security vulnerabilities, necessitating the use of Service Control Policies for centralized management. Enhanced monitoring and auditing are also essential to prevent misuse of these powerful tools.

A new privilege escalation technique in Google Cloud Platform (GCP) leverages IAM Conditions and tagBindings, allowing users with low-risk roles to gain elevated access by attaching specific tags to resources. This method exploits the oversight of tag permissions, which are often not considered sensitive, leading to unauthorized access without modifying IAM policies directly. The article highlights the risks associated with misconfigured trust boundaries in GCP's IAM setup.