SECURITY PROJECT · CLOUD SECURITY
AWS IAM Privilege Escalation Simulation
CLOUD SECURITY AWS IAM PRIVILEGE ESCALATION MITRE ATT&CK CVSS 9.1

IAM misconfiguration simulation demonstrating privilege escalation from low-privilege user to administrator in a controlled AWS environment. Full attack chain executed via AWS CLI in under 45 seconds — with CVSS 9.1 findings, MITRE ATT&CK Cloud Matrix mapping, and complete least-privilege remediation.

VIEW DETAILS ↓
AREAS COVERED
Phase 1 — Misconfiguration
IAM User & Overpermissioned Policy Setup
Created a low-privilege IAM user with iam:AttachUserPolicy scoped to Resource: "*" — a single permission that enables full administrator escalation with no further access required.
Phase 2 — Attack Chain
Privilege Escalation via AWS CLI
Step-by-step exploitation: low-privilege user attaches AdministratorAccess, creates a backdoor admin user, and generates persistent credentials — full takeover in 45 seconds with raw CLI output logged.
Phase 3 — Impact Assessment
CVSS 9.1 · MITRE ATT&CK Cloud Mapping
5 findings with CVSS v3.1 vector strings. Mapped to MITRE ATT&CK Cloud Matrix: T1078.004 (Valid Cloud Accounts), T1484.001 (Policy Modification), T1098.001 (Additional Cloud Credentials), and more.
Phase 4 — Remediation
Principle of Least Privilege Fix
Before/after policy comparison, fine-grained IAM remediation CLI commands, and an SCP (Service Control Policy) to block self-escalation org-wide — eliminating the attack vector at the organisation level.
REPORT
AWS IAM Privilege Escalation Simulation
Full report — misconfiguration setup, attack chain with CLI logs, CVSS 9.1 findings, MITRE ATT&CK mapping, and least-privilege remediation with before/after policy comparison.
DOWNLOAD REPORT ↓