Name: Detecting Aws Iam Privilege Escalation
Author: mukul975

Overview

This skill uses boto3 and Cloudsplaining-style analysis to identify IAM privilege escalation paths in AWS accounts. It downloads the account authorization details, analyzes each policy for dangerous permission combinations (iam:PassRole + lambda:CreateFunction, iam:CreatePolicyVersion, sts:AssumeRole), and flags policies that violate least-privilege principles.

When to Use

When investigating security incidents that require detecting aws iam privilege escalation
When building detection rules or threat hunting queries for this domain
When SOC analysts need structured procedures for this analysis type
When validating security monitoring coverage for related attack techniques

Prerequisites

Python 3.8+ with boto3 library
AWS credentials with IAM read-only access (iam:GetAccountAuthorizationDetails)
Optional: cloudsplaining Python package for HTML report generation

Steps

Overview

When to Use

When investigating security incidents that require detecting aws iam privilege escalation
When building detection rules or threat hunting queries for this domain
When SOC analysts need structured procedures for this analysis type
When validating security monitoring coverage for related attack techniques

Prerequisites

Python 3.8+ with boto3 library
AWS credentials with IAM read-only access (iam:GetAccountAuthorizationDetails)
Optional: cloudsplaining Python package for HTML report generation

Detecting Aws Iam Privilege Escalation

Overview

When to Use

Prerequisites

Steps

Detecting Aws Iam Privilege Escalation

Overview

When to Use

Prerequisites

Steps

Expected Output

1password

Springboot Security

Security Review

Laravel Security

Security Review

Django Security