AWS Lambda ReadOnly Privilege Escalation

From AWSLambda_ReadOnlyAccess to Full Compromise

Introduction

In this blog post, I want to highlight the dangers of blindly using AWS-managed policies without verifying their underlying permissions. While building an AWS lab for Red and Blue teams and researching privilege escalation scenarios, I came across several interesting AWS-managed policies. A prime example is AWSLambda_ReadOnlyAccess. Despite its seemingly restrictive name, this policy grants far more read access than one might expect. Ideally, these permissions should be split or refined to better reflect their true scope. ...
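The practical takeaway of the introduction is to read the policy document rather than trust the policy name. The following script is an added example (not code from the post or from AWS) that performs that check offline: it takes an IAM policy document, lists every service the Allow statements reach, and flags actions that fall outside the service the name suggests or that do not look read-only. The embedded policy is a constructed sample for illustration and is not the real contents of AWSLambda_ReadOnlyAccess; the comments show the real `aws iam get-policy` / `get-policy-version` calls you would use to fetch the genuine document and feed it to the same functions.

```python
"""Audit an IAM policy document: which services does it actually touch,
and does every granted action look read-only?

Added example. SAMPLE_POLICY is constructed for illustration and is NOT the
real AWSLambda_ReadOnlyAccess document. To audit the real managed policy,
save its default version to a file and load it with json.load():
  aws iam get-policy --policy-arn arn:aws:iam::aws:policy/AWSLambda_ReadOnlyAccess
  aws iam get-policy-version --policy-arn arn:aws:iam::aws:policy/AWSLambda_ReadOnlyAccess \
      --version-id <DefaultVersionId from the call above>
"""
import json

# Verb prefixes conventionally used for read-only API actions (assumption:
# a name-only heuristic, not an authoritative list from AWS).
READ_ONLY_PREFIXES = ("Get", "List", "Describe", "BatchGet")

# Constructed sample: a policy whose name suggests "Lambda, read-only" but
# whose statements also reach into other services.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["lambda:Get*", "lambda:List*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "logs:DescribeLogGroups", "Resource": "*"},
    {"Effect": "Allow", "Action": ["iam:GetRole", "iam:ListRolePolicies"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::constructed-example-bucket/*"}
  ]
}
""")


def _as_list(value):
    """IAM allows a single string or a list in Action/Statement fields."""
    return value if isinstance(value, list) else [value]


def granted_actions(policy):
    """Collect the action patterns from every Allow statement.

    This is a document-level view: it ignores Resource and Condition
    narrowing and explicit Deny statements, which is fine for the question
    "what could this policy possibly allow?" but is not a full IAM evaluator.
    """
    actions = set()
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions.update(_as_list(stmt.get("Action", [])))
    return actions


def services_touched(actions):
    """Service prefixes (the part before ':') reached by the given actions."""
    return sorted({a.split(":", 1)[0] for a in actions})


def audit(policy, expected_services=("lambda",)):
    """Flag actions that leave the expected service scope or are not
    obviously read-only by verb name. Returns a dict of sorted lists."""
    findings = {"outside_scope": [], "not_read_only": []}
    for action in sorted(granted_actions(policy)):
        service, _, verb = action.partition(":")
        if service not in expected_services:
            findings["outside_scope"].append(action)
        # A bare wildcard ("lambda:*" or "*") is never read-only.
        if not verb.startswith(READ_ONLY_PREFIXES):
            findings["not_read_only"].append(action)
    return findings


if __name__ == "__main__":
    acts = granted_actions(SAMPLE_POLICY)
    print("services touched:", ", ".join(services_touched(acts)))
    for kind, items in audit(SAMPLE_POLICY).items():
        print(f"{kind}: {items or 'none'}")
```

Run against a real managed policy, the `outside_scope` list is the part worth reviewing: each entry is a service the policy name did not advertise, and a candidate for splitting into a narrower policy as the post suggests.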

May 26, 2026 · 9 min · giomke