Skill

detecting-aws-iam-privilege-escalation

From asi

Detects AWS IAM privilege escalation paths using boto3 and Cloudsplaining analysis to identify overly permissive policies, dangerous permission combinations, and least-privilege violations.

AWS

Python

security

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

This skill uses boto3 and Cloudsplaining-style analysis to identify IAM privilege escalation paths in AWS accounts. It downloads the account authorization details, analyzes each policy for dangerous permission combinations (iam:PassRole + lambda:CreateFunction, iam:CreatePolicyVersion, sts:AssumeRole), and flags policies that violate least-privilege principles.

SKILL.md

Similar Skills

detecting-aws-iam-privilege-escalation

5.9k

Detects AWS IAM privilege escalation paths using boto3 and Cloudsplaining analysis to flag overly permissive policies, dangerous permission combos, and least-privilege violations.

3 files

cybersecurity-skills

performing-aws-privilege-escalation-assessment

Identifies AWS IAM privilege escalation paths using Pacu, CloudFox, Principal Mapper, and policy simulation during authorized pentests to validate least privilege.

asi

detecting-aws-iam-privilege-escalation

Detects AWS IAM privilege escalation paths using boto3 and Cloudsplaining analysis. Identifies overly permissive policies, dangerous permission combos, and least privilege violations.

3 files

cybersecurity-skills-zh

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Detecting AWS IAM Privilege Escalation

Overview

When to Use

When investigating security incidents that require detecting aws iam privilege escalation

When building detection rules or threat hunting queries for this domain

When SOC analysts need structured procedures for this analysis type

When validating security monitoring coverage for related attack techniques

Prerequisites

Python 3.8+ with boto3 library

AWS credentials with IAM read-only access (iam:GetAccountAuthorizationDetails)

Optional: cloudsplaining Python package for HTML report generation

Steps

Download IAM Authorization Details — Call iam:GetAccountAuthorizationDetails to retrieve all users, groups, roles, and policies

Analyze Policies for Privilege Escalation — Check each policy for known escalation permission combinations

Identify Wildcard Resource Policies — Flag policies using Resource: "*" with dangerous actions

Map Principal-to-Policy Relationships — Build a graph of which principals can access which escalation paths

Score and Prioritize Findings — Rank findings by severity based on escalation vector type

Generate Report — Produce structured JSON report with remediation guidance

Expected Output

JSON report of privilege escalation findings with severity scores

List of dangerous permission combinations per principal

Wildcard resource policy audit results

Remediation recommendations for each finding