You need to give your AWS role a set of permissions, but you still want to feel warm and safe on the inside. “Why not ReadOnlyAccess?” you ask. “I can just deny the permissions I don’t like” you proclaim. Let me show you how your faith in ReadOnly access will…

Read First: If you’re new to Ghostwriter, start with this blog post to understand the project’s goals: https://posts.specterops.io/introducing-ghostwriter-part-1-61e7bd014aff For those of you lacking the desire or the attention span to read another blog post, here’s the gist: Ghostwriter is a web-based red team report generation tool Ghostwriter can keep track of clients…

TLDR: Given proper trust relationships, a role assumed with temporary credentials can be preserved indefinitely and give an attacker persistent access to an AWS environment by role chaining in a cyclical pattern. Read first: Welcome to the AWS Security Token Service API Reference AWS Security Token Service (AWS STS) is a web service that enables you to request temporary, limited-privilege…docs.aws.amazon.com