From 568ed003bd2fe6c89c561a9dc6fae600d8d1835e Mon Sep 17 00:00:00 2001 From: Nick Jones Date: Mon, 16 Oct 2023 18:16:01 +0200 Subject: [PATCH] Update IAM.md --- docs/aws/services/IAM.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/docs/aws/services/IAM.md b/docs/aws/services/IAM.md index 1e94de7..bfb5274 100644 --- a/docs/aws/services/IAM.md +++ b/docs/aws/services/IAM.md @@ -522,8 +522,8 @@ The IAM credential report lists all IAM Users and the states of all their creden ## Common Tooling +- - An SMT solver that mimics the AWS IAM policy resolution engine, and will answer questions on who can do what in an AWS account. - - Graph-based IAM permissions analysis for individual accounts or Organizations. -- - A graph-based tool for visualizing effective access and resource relationships in an AWS account. - - IAM linting library in python, looks for policy errors and bad practices. - - Identifies data exfiltration, infrastructure modification, resource exposure, and privilege escalation issues with policies in an account. - - Least privilege policy generator. @@ -531,11 +531,7 @@ The IAM credential report lists all IAM Users and the states of all their creden - - AWS exploitation framework. - - Cloud infrastructure relationship mapping, with good support for IAM. - - External enumeration of IAM users and roles. - -### Internal Tooling - -- [iamspy](https://git2.f-secure.com/cloud/aws/iamspy) - An SMT solver that mimics the AWS IAM policy resolution engine, and will answer questions on who can do what in an AWS account. -- [iam-hunter](https://git2.f-secure.com/cloud/aws/iam-hunter) - Highlights dangerous roles across an entire AWS organization based on known privilege escalation techniques. +- - A graph-based tool for visualizing effective access and resource relationships in an AWS account. Unmaintained, but still sometimes useful. ## External References
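Review bot: In the first hunk (@@ -522,8 +522,8 @@), the new first bullet under "## Common Tooling" carries the same description as the iamspy entry that the second hunk deletes from "### Internal Tooling", where it linked to git2.f-secure.com. The link target of the new bullet is not visible in this patch, so please confirm it points at a publicly reachable repository and not at the internal host, otherwise outside readers get a dead link. The subject "Update IAM.md" also says nothing about what changed; a subject that names the move of iamspy and the removal of the internal section would make the history easier to audit.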
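Review bot: The second hunk (@@ -531,11 +531,7 @@) drops the iam-hunter bullet along with the "### Internal Tooling" heading, and unlike iamspy it gets no replacement under Common Tooling. If that is intentional, say so in the commit message; if the tool has a public home, add it to the list. Deleting the two git2.f-secure.com links from the file does not remove them from history, so if this repository is or becomes public, the internal hostname and project paths stay discoverable in earlier commits. On the re-added graph-based tool bullet, "Unmaintained, but still sometimes useful." would age better with a date or a pointer to which of the other listed tools to prefer.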