It started with a simple alert that would be easy to overlook: a sudden, unexpected spike in API activity from an IAM role that should have been dormant. No alarms were blaring (yet), and no critical systems had failed, but something felt… off. This is where instincts kick in. This is how a routine security review turned…
Author: Dave Brock
Writing Secure IAM Policies to Prevent Shadowing and Conflicts
In our last post, we discussed detecting IAM policy shadowing using AWS-native tools. But detection alone isn’t enough—we must prevent these conflicts before they happen. A well-structured IAM policy follows the principle of least privilege and avoids unintended permission escalation. In this post, we’ll cover best practices for writing secure IAM policies, including how to structure them correctly,…
How to Detect IAM Policy Shadowing in AWS Using Native Tools
In December 2022, security researchers at Sysdig uncovered real-world cases of privilege escalation via IAM misconfiguration. An attacker exploited an overlooked permission in an AWS environment, allowing them to modify IAM policies. By leveraging the ability to create new policy versions (the iam:CreatePolicyVersion action) and make the new version the default, they granted themselves full administrative access—bypassing intended security controls. This type of shadow IAM…
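The escalation path described above leaves a trail in CloudTrail. The following is an added example (not code from the original post, and not from Sysdig’s report) that scans CloudTrail records for iam:CreatePolicyVersion calls whose new document grants full access, rating those that also set the new version as the default higher than staged ones, and flags SetDefaultPolicyVersion calls for review. The field names used (eventSource, eventName, userIdentity.arn, requestParameters.policyArn, policyDocument, setAsDefault) follow the CloudTrail record format for IAM API calls as I know it; check them against your own events. The policy ARN, actor ARN and all sample records are constructed for the example.

```python
"""Added example (not from the original post or the Sysdig report): flag
CloudTrail records in which a principal replaces an IAM policy's default
version with one that grants full access, the escalation path described
above. Record field names (eventSource, eventName, userIdentity.arn,
requestParameters.policyArn/policyDocument/setAsDefault) follow the
CloudTrail format for IAM API calls; all sample records are constructed."""
import json


def _as_list(v):
    return v if isinstance(v, list) else [v]


def grants_admin(policy_document):
    """True if an Allow statement grants '*' or 'iam:*' on every resource.
    iam:* alone is enough, since it can be used to grant everything else."""
    for st in _as_list(policy_document.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        resources = set(_as_list(st.get("Resource", [])))
        if "*" in resources and actions & {"*", "iam:*"}:
            return True
    return False


def detect_policy_version_escalation(records):
    """Return findings as (severity, eventTime, actor, eventName, policyArn)."""
    findings = []
    for r in records:
        if r.get("eventSource") != "iam.amazonaws.com":
            continue
        name = r.get("eventName")
        params = r.get("requestParameters") or {}
        actor = (r.get("userIdentity") or {}).get("arn", "unknown")
        if name == "CreatePolicyVersion":
            # CloudTrail carries the new document as a JSON string.
            doc = params.get("policyDocument") or "{}"
            doc = json.loads(doc) if isinstance(doc, str) else doc
            if grants_admin(doc):
                # Setting the version as default makes it take effect at once.
                sev = "HIGH" if params.get("setAsDefault") else "MEDIUM"
                findings.append((sev, r.get("eventTime"), actor, name, params.get("policyArn")))
        elif name == "SetDefaultPolicyVersion":
            # Second half of the two-step variant (create, then promote): review it.
            findings.append(("MEDIUM", r.get("eventTime"), actor, name, params.get("policyArn")))
    return findings


def _record(time, actor, name, params):
    return {"eventTime": time, "eventSource": "iam.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": actor}, "requestParameters": params}


# Constructed policy documents and identifiers (hypothetical account and ARNs).
ADMIN_DOC = json.dumps({"Version": "2012-10-17",
                        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]})
IAM_DOC = json.dumps({"Version": "2012-10-17",
                      "Statement": [{"Effect": "Allow", "Action": ["iam:*"], "Resource": "*"}]})
READONLY_DOC = json.dumps({"Version": "2012-10-17",
                           "Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                                          "Resource": "arn:aws:s3:::app-bucket/*"}]})
POLICY = "arn:aws:iam::123456789012:policy/app-role-policy"
ACTOR = "arn:aws:sts::123456789012:assumed-role/app-role/i-0abc"

# Constructed sample records: one routine change, one immediate escalation,
# one staged escalation, one promotion of an existing version, one unrelated call.
SAMPLE_RECORDS = [
    _record("2024-05-01T10:00:00Z", ACTOR, "CreatePolicyVersion",
            {"policyArn": POLICY, "policyDocument": READONLY_DOC, "setAsDefault": True}),
    _record("2024-05-01T10:05:00Z", ACTOR, "CreatePolicyVersion",
            {"policyArn": POLICY, "policyDocument": ADMIN_DOC, "setAsDefault": True}),
    _record("2024-05-01T10:06:00Z", ACTOR, "CreatePolicyVersion",
            {"policyArn": POLICY, "policyDocument": IAM_DOC, "setAsDefault": False}),
    _record("2024-05-01T10:07:00Z", ACTOR, "SetDefaultPolicyVersion",
            {"policyArn": POLICY, "versionId": "v3"}),
    {"eventTime": "2024-05-01T10:08:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "userIdentity": {"arn": ACTOR}, "requestParameters": {}},
]

if __name__ == "__main__":
    for finding in detect_policy_version_escalation(SAMPLE_RECORDS):
        print(*finding)
```

The two-step variant (create a version without setAsDefault, then SetDefaultPolicyVersion) is why the second event type is flagged at all; in a real pipeline you would correlate the two on policyArn and actor within a short window rather than alert on each in isolation.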
What Lurks in the Shadows of IAM? The Hidden Risk of Shadow Permissions
IAM policies are like a stack of security badges: one badge may not open a door, but you’re in if another badge on the same lanyard is an all-access pass. This is AWS IAM policy shadowing: a broad Allow in one attached policy quietly supersedes the narrow scope you wrote into another. (The one thing that cannot be shadowed is an explicit Deny, which beats any Allow.) If you’re managing AWS IAM policies, you probably feel pretty confident about your security controls. But what if I told you there’s a hidden risk that could be…
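To make the badge analogy concrete, here is an added example (not code from the original post) that models how AWS evaluates the identity-based policies attached to one principal and reports which statements outside a reviewed policy are doing the real granting. It deliberately models only Allow/Deny statements with Action and Resource (IAM’s `*` and `?` wildcards) and the rule that an explicit Deny beats any Allow; NotAction/NotResource, Condition, resource policies, permission boundaries, SCPs and session policies are left out. The policy names and ARNs are constructed.

```python
"""Added example (not from the original post): a small model of how AWS
evaluates the identity-based policies attached to one principal, showing
why a carefully scoped policy is "shadowed" by a broader one. Models
Allow/Deny statements with Action and Resource only (IAM wildcards '*'
and '?') and the explicit-Deny-wins rule. Ignores NotAction/NotResource,
Condition, resource policies, permission boundaries, SCPs and session
policies, all of which real IAM also consults."""
import fnmatch


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _matches(patterns, value, fold_case):
    # Action names match case-insensitively in IAM; resource ARNs do not.
    if fold_case:
        value = value.lower()
    return any(fnmatch.fnmatchcase(value, p.lower() if fold_case else p)
               for p in _as_list(patterns))


def evaluate(policies, action, resource):
    """Decide one request. Returns (decision, ids of matching statements).
    Explicit Deny wins; else any Allow grants; else implicit deny (no matches)."""
    allows, denies = [], []
    for name, doc in policies.items():
        for i, st in enumerate(_as_list(doc["Statement"])):
            if "Action" not in st or "Resource" not in st:
                continue  # NotAction/NotResource forms are out of scope here
            if (_matches(st["Action"], action, True)
                    and _matches(st["Resource"], resource, False)):
                (denies if st["Effect"] == "Deny" else allows).append(f"{name}#{i}")
    if denies:
        return "Deny", denies
    if allows:
        return "Allow", allows
    return "Deny", []


def shadowing_allows(policies, reviewed, action, resource):
    """Allow statements outside `reviewed` that grant the request on their own:
    these are what make the scope written into `reviewed` irrelevant."""
    decision, matched = evaluate(policies, action, resource)
    if decision != "Allow":
        return []
    return [m for m in matched if not m.startswith(reviewed + "#")]


# Constructed sample: a principal carrying a reviewed narrow policy, a
# forgotten broad one, and a guard-rail Deny (hypothetical names and ARNs).
POLICIES = {
    "ReviewedAppAccess": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::app-bucket/*"}]},
    "LegacyS3Admin": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]},
    "GuardRails": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]},
}

if __name__ == "__main__":
    for action, res in [("s3:GetObject", "arn:aws:s3:::app-bucket/config.json"),
                        ("s3:PutObject", "arn:aws:s3:::other-bucket/x"),
                        ("s3:DeleteBucket", "arn:aws:s3:::app-bucket")]:
        print(action, res, evaluate(POLICIES, action, res),
              "shadowed by:", shadowing_allows(POLICIES, "ReviewedAppAccess", action, res))
```

The PutObject request is the shadowing case: ReviewedAppAccess never allowed it, yet the request succeeds because LegacyS3Admin does, so the reviewed policy’s careful scope buys nothing. The DeleteBucket request shows the limit of the analogy: the broad Allow is still there, but the explicit Deny in GuardRails wins.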
Becoming a Clear Communicator
I am an engineer by nature. I am technical down to my soul. My heart is not a fleshy pump but a contraption of gears and levers. My curiosity and need to understand the inner workings of all systems (and then how they can be broken) is the engine of how I work. It’s important…
A High-level Look at Threat Hunting with Wireshark and Packet Captures
Packets or it didn’t happen! Packet captures are king.
Unlocking the Power of Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT) is a powerful technique, and it is used for good and for evil all the time.
My InfoSec Adventure – Using Failure as a Sherpa
The journey we are on is personal, and our failures can act as sherpas, leading us to where we want to go.