Cloud Pentesting - IAM Enumeration for Privilege Escalation

If you haven't dabbled in Cloud Pentesting, I highly recommend it. It's a lot of fun and a great way to experience cloud in a way that most devops teams miss when managing IAM permissions. In this video, I'm going to show you two tools that are great for analyzing IAM permissions, and looking for privilege escalation within an AWS environment. Become an IAM Policy Master in 60 Minutes or Less - https://www.youtube.com/watch?v=YQsK4MtsELU Cloudsplaining - https://github.com/salesforce/cloudsplaining AWSPX - https://github.com/FSecureLABS/awspx Privilege escalation in AWS - https://bishopfox.com/blog/privilege-escalation-in-aws IAM Enumeration Challenge - https://attackdefense.pentesteracademy.com/challengedetailsnoauth?cid=2245 0:00 Intro 0:40 Lab Setup 2:20 IAM Console 5:25 Cloudsplaining 13:25 AWSPX 14:40 Patching AWSPX 21:45 Forward Tracing 24:20 Back Tracing 29:55 Wrap up