If a user has iam:CreateAccessKey on another user (or themselves), they can generate new credentials and bypass rotation policies.
Whether you are preparing for a certification or hardening a production environment, mastering these tricks is the first step toward true AWS security. hacktricks aws
Creating a new IAM user with an obscured name or adding a second set of Access Keys to an existing user. If a user has iam:CreateAccessKey on another user
You might think "PassRole just allows attaching a role to a service. That seems fine." You might think "PassRole just allows attaching a
Disable IMDSv1 on all EC2 instances to mitigate SSRF risks. Conclusion
The topic of "Hacktricks AWS" encompasses a wide range of techniques, tools, and best practices for both attackers and defenders operating within Amazon Web Services. A deep dive into this area not only helps in understanding potential vulnerabilities but also in strengthening security posture in the cloud. Whether you're a penetration tester, a security professional, or an AWS administrator, staying informed about the latest in cloud security is essential.