Enable quick exploration of Rhino Security Labs AWS PrivEsc methods
Description:
As discussed in this cartography meeting, we should use the data and relationships in cartography to quickly reveal attack techniques described in this article: https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/
We could also adapt Rhino Labs' existing script: https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/aws_escalate.py; see "Scanning for Permission Flaws: aws_escalate" in that article.
For example, we could add a `CreateAccessKeyVulnerable=True` field to the `:AWSPrincipal` node to quickly identify targets accessible with a given AWS Access Key, or something else. (This is a bad example, but hopefully you get the idea of reading this article and finding neat techniques that we could quickly expose in the graph.)
In general I think this can be a huge added value for organisations. Being able to statically "pentest" infra based on Cartography's data and quickly identify potential issues is a great proposition IMHO.
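As an added example (not part of the original issue, and not Cartography's or Rhino Security Labs' code), here is one way the `CreateAccessKeyVulnerable` value proposed above could be computed from a principal's attached policy documents before it is written to the graph. The function names, the input shape and the sample ARNs are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

TARGET_ACTION = "iam:CreateAccessKey"  # the action behind the issue's example field


def _as_list(value):
    """IAM JSON accepts a bare string or object wherever a list is allowed."""
    return list(value) if isinstance(value, (list, tuple)) else [value] if value else []


def _covers(stmt, action):
    """True if the statement's Action or NotAction element covers `action`."""
    action = action.lower()  # IAM action names are case-insensitive
    if "NotAction" in stmt:
        return not any(fnmatchcase(action, p.lower()) for p in _as_list(stmt["NotAction"]))
    return any(fnmatchcase(action, p.lower()) for p in _as_list(stmt.get("Action")))


def create_access_key_vulnerable(policy_documents):
    """Value for the proposed property: some Allow covers the action and no
    blanket Deny does. Scoped Allows are still flagged so a human reviews them;
    a Deny only clears the flag when it is unconditional and on Resource "*"."""
    allowed = denied = False
    for doc in policy_documents:
        for stmt in _as_list(doc.get("Statement")):
            if not _covers(stmt, TARGET_ACTION):
                continue
            if stmt.get("Effect") == "Allow":
                allowed = True
            elif (stmt.get("Effect") == "Deny" and "Condition" not in stmt
                  and "*" in _as_list(stmt.get("Resource"))):
                denied = True
    return allowed and not denied


def _doc(*stmts):
    return {"Version": "2012-10-17", "Statement": list(stmts)}


# Constructed sample data: principal ARN -> attached policy documents.
SAMPLE = {
    "arn:aws:iam::111122223333:user/alice": [
        _doc({"Effect": "Allow", "Action": "iam:*", "Resource": "*"})],
    "arn:aws:iam::111122223333:user/bob": [
        _doc({"Effect": "Allow", "Action": ["iam:Create*"], "Resource": "*"}),
        _doc({"Effect": "Deny", "Action": "iam:CreateAccessKey", "Resource": "*"})],
    "arn:aws:iam::111122223333:user/carol": [
        _doc({"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"})],
    "arn:aws:iam::111122223333:role/dave": [
        _doc({"Effect": "Allow", "NotAction": "s3:*", "Resource": "*"},
             {"Effect": "Deny", "Action": "iam:*", "Resource": "*",
              "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}}})],
}

FLAGS = {arn: create_access_key_vulnerable(docs) for arn, docs in SAMPLE.items()}
```

The check deliberately over-reports: it does not evaluate permission boundaries, service control policies, `Resource` scoping or `Condition` keys on Allow statements, so a `True` value marks a principal for review rather than a confirmed finding.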
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
This issue has been automatically closed for inactivity. If you still wish to make these changes, please open a new change or reopen this one.