fwd:cloudsec Cloud Conference in Boston (July 25)

Join us at the fwd:cloudsec in Boston on July 25, 2022

By Ermetic Team
Join us at the fwd:cloudsec in Boston on July 25, 2022 where Ermetic's Senior Security Researcher Noam Dahan will be presenting "Auditing PassRole: Finding the Hidden Trails of a Problematic Privilege Escalation Permission."

The iam:PassRole permission is one of the most common open privilege escalation vectors in AWS accounts today. The basic idea of iam:PassRole is simple: whenever a principal (which can be a user or a role; a human, code or a service) uses a service that needs to perform other actions, the AWS architecture often has that service assume an AWS role to perform them. When that happens, the service performing the actions is “passed” a role by the calling principal and implicitly (without calling sts:AssumeRole) assumes that role to perform the actions. The privileges associated with the passed role are different from — and can be greater than — those of the principal calling the action.

In this talk, we’ll walk through the work we did to automatically map hundreds of potential actions requiring iam:PassRole, and the manual and automatic methods we used to sift through these to isolate the actions that truly require the permission. We’ll discuss tips and tricks picked up along the way and how to use them to provision, control and limit iam:PassRole in AWS environments.
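The two paragraphs above describe why an unconstrained iam:PassRole grant is an escalation path and that the talk is about controlling and limiting it. The following is an added example, not code from the post or from Ermetic: a small auditor that walks an IAM policy document and flags Allow statements that grant iam:PassRole with no role restriction in Resource and/or no iam:PassedToService condition (both real IAM constructs). The two sample policies, the account id and role names are constructed for illustration; the finding labels "any-role" and "any-service" are names chosen here.

```python
"""Audit IAM policy documents for over-broad iam:PassRole grants.

Added example for illustration; not the talk's tooling. It evaluates plain
policy JSON offline, with no AWS API calls.
"""
import fnmatch
import json

PASS_ROLE = "iam:passrole"
PASSED_TO_SERVICE = "iam:passedtoservice"


def _as_list(value):
    """Normalise the string-or-list shape IAM allows for Action/Resource/Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _covers_passrole(patterns):
    """True if any action pattern ('*', 'iam:*', 'iam:Pass*', ...) matches iam:PassRole."""
    return any(fnmatch.fnmatchcase(PASS_ROLE, p.lower()) for p in patterns)


def _role_unconstrained(resource):
    """True if the Resource lets any role in the account be passed ('*' or 'role/*')."""
    r = resource.strip()
    if r == "*":
        return True
    # ARN form: arn:partition:iam::account:role/<path-and-name>
    _prefix, sep, name = r.partition(":role/")
    return bool(sep) and name == "*"


def _has_service_condition(condition):
    """True if a StringEquals/StringLike block pins iam:PassedToService."""
    for operator, keys in (condition or {}).items():
        if operator.lower() in ("stringequals", "stringlike") and any(
            k.lower() == PASSED_TO_SERVICE for k in keys
        ):
            return True
    return False


def audit_passrole(policy):
    """Return one finding per Allow statement that grants iam:PassRole too broadly.

    Limitation: NotResource statements are not evaluated; NotAction is handled
    (a NotAction that excludes iam:PassRole grants it implicitly).
    """
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            grants = not _covers_passrole(_as_list(stmt["NotAction"]))
        else:
            grants = _covers_passrole(_as_list(stmt.get("Action")))
        if not grants:
            continue
        issues = []
        if any(_role_unconstrained(r) for r in _as_list(stmt.get("Resource"))):
            issues.append("any-role")       # any role in the account can be passed
        if not _has_service_condition(stmt.get("Condition")):
            issues.append("any-service")    # the role can be handed to any service
        if issues:
            findings.append({"index": idx, "sid": stmt.get("Sid"), "issues": issues})
    return findings


# Constructed sample: the common over-broad shape (not a real account's policy).
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "LetLambdaRun", "Effect": "Allow",
         "Action": ["lambda:CreateFunction", "iam:PassRole"],
         "Resource": "*"}
    ],
}

# Constructed sample: the same intent, scoped to one role and one service.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "CreateFunction", "Effect": "Allow",
         "Action": "lambda:CreateFunction", "Resource": "*"},
        {"Sid": "PassOnlyLambdaRole", "Effect": "Allow",
         "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::111122223333:role/lambda-exec-role",
         "Condition": {"StringEquals": {"iam:PassedToService": "lambda.amazonaws.com"}}}
    ],
}

if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, json.dumps(audit_passrole(policy)))
```

Run it against exported customer-managed policies (for example the output of `aws iam get-policy-version`) to get a first list of statements worth reviewing; a real audit then has to check which of the flagged statements belong to principals that can also call an action that consumes the passed role, which is the mapping work the talk describes.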

fwd:cloudsec is a new, non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and generally the types of things cloud practitioners want to know but that don't fit neatly into a vendor conference schedule.

Click here to register and for more information.