In our last post, we discussed detecting IAM policy shadowing using AWS-native tools. But detection alone isn’t enough—we must prevent these conflicts before they happen. A well-structured IAM policy follows least privilege principles, avoiding unintended permission escalations. In this post, we’ll cover best practices for writing secure IAM policies, including how to structure them correctly,…
Category: Tools
How to Detect IAM Policy Shadowing in AWS Using Native Tools
In December 2022, security researchers at Sysdig uncovered real-world cases of privilege escalation via IAM misconfiguration. An attacker exploited an overlooked permission in an AWS environment, allowing them to modify IAM policies. By leveraging the ability to create new policy versions, they granted themselves full administrative access—bypassing intended security controls. This type of shadow IAM…
What Lurks in the Shadows of IAM? The Hidden Risk of Shadow Permissions
IAM policies are like layered security badges—one might deny you entry, but you’re in if another gives you an all-access pass. This is AWS IAM Policy Shadowing. If you’re managing AWS IAM policies, you probably feel pretty confident about your security controls. But what if I told you there’s a hidden risk that could be…
A High-level Look at Threat Hunting with Wireshark and Packet Captures
Packets or it didn’t happen! Packet captures are king.