AWS - STS Persistence
STS
For more information access:
AWS - STS EnumAssume role token
Temporary tokens cannot be listed, so maintaining an active temporary token is a way to maintain persistence.
Role Chain Juggling
Role chaining is an acknowledged AWS feature, often utilized for maintaining stealth persistence. It involves the ability to assume a role which then assumes another, potentially reverting to the initial role in a cyclical manner. Each time a role is assumed, the credentials' expiration field is refreshed. Consequently, if two roles are configured to mutually assume each other, this setup allows for the perpetual renewal of credentials.
You can use this tool to keep the role chaining going:
Note that the find_circular_trust.py script from that Github repository doesn't find all the ways a role chain can be configured.
Last updated