Exploiting, detecting, and correcting IAM security misconfigurations

Bad Actor


The real-life scenario attacks presented in this article show how it's possible for an adversary to use IAM security misconfigurations to gain high privileges inside a cloud environment. Such attacks can start with valid credentials found online or obtained by tricking users in a phishing attack and can proceed with further privilege escalation to take control of an account.

By leveraging AWS features such as CloudTrail and CloudWatch, among others, it's possible to get alerts when changes are applied in your environment, triggering automatic responses.

The Author

Stefano Chierici is a security researcher at Sysdig, where his research focuses on defending containerized and cloud environments from attacks ranging from web to kernel. Stefano is a contributor to Falco, an incubation-level Cloud Native Computing Foundation (CNCF) project. He studied cyber security in Italy, and before joining Sysdig, he was a pen tester, a security engineer, and a red team member. In 2019, he obtained the Offensive Security Certified Professional (OSCP) Certification.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=