Multi-Session Compromise

ACM.146 How session compromise could defeat segregation of duties

Teri Radichel
Published in Cloud Security · 7 min read · Jan 31, 2023

Yesterday I explained some of the issues related to session compromise.

Then I mentioned that I have one other concern [at least] for this approach of using two different roles for separation of duties to limit an abuse of create user permissions.

The way I have been demonstrating segregation of duties in these posts up till now is with all my code on one host where I execute commands with one user that requires MFA to assume…

Written by Teri Radichel

CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award